[Openswan Users] Problem Net-to-road - tunnel goes up, but no traffic seems to come through

Brad Chang openswan at dotnoc.com
Mon Jul 12 12:24:17 CEST 2004 

Hi Stefan,

I had a similar problem,  did you do tcpdump and see any packets comming from
client side when your trying to ping? and does your vpn disconnect after like a
minuite? if so check your rp_filter is set to 0.


thanks
-Brad


Quoting Stefan Kuhlemann <kuhlemann at nefkom.net>:

> Hi all,
> 
> at the moment, I am playing with VPN/Openswan.
> My network setup looks like:
> 
> internal net 10.3.8.0/24 -- GW Linux (int: 10.3.8.35 / ext: 
> 212.34.1xx.xxx) - internet - ClientPC with dialup and 'SSH Sentinel /
> WinXP'
> 
> Everything seems to work fine, since the tunnel with PSK authentication 
> seems to come up without problem.  See:
> 
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #5: transition from state 
> STATE_MAIN_I1 to state STATE_MAIN_I2
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #5: transition from state 
> STATE_MAIN_I2 to state STATE_MAIN_I3
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #5: Peer ID is 
> ID_IPV4_ADDR: '62.153.1xx.xxx'
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #5: transition from state 
> STATE_MAIN_I3 to state STATE_MAIN_I4
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #5: ISAKMP SA established
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #6: initiating Quick Mode 
> PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#5}
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #6: transition from state 
> STATE_QUICK_I1 to state STATE_QUICK_I2
> Jul 12 19:27:40 firewall pluto[4845]: "haiger" #6: sent QI2, IPsec SA 
> established {ESP=>0xa0520422 <0x1826cbe4}
> 
> But  I don't get any traffic through the tunnel. No ping, no http-requ., 
> and so on....
> ..the route seems also correctly created...
> 
> the 'ipsec barf'-output seems also ok....and also 'flushed' the iptables 
> for testing....
> 
> Any hints, what's causing this problem?
> 
> thnx in advance
> 
> Stefan
> 
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 






Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com


-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com

More information about the Users mailing list