[Openswan Users] IPSec tunnel does not work until a traceroute from the host to the roadwarrior
Michael P. Dobmeier
dobmeier.michael at web.de
Wed Jun 16 23:10:20 CEST 2004
Dear experts,
As I have some strange problems with Openswan under SuSE Linux 9.1 (U2.1.2/K2.6.4-54.5 native), I hope you have some advice on how to get Openswan to work.
The hardware configuration is as follows:

Left side:
==========
DMZ
  192.168.2.2   (host: Linux/Openswan)  --\
                                           --192.168.2.1 <-> a.b.c.d (dyn. IP/dynDNS) --> Internet
  192.168.2.101 (RW1: WinXP/ebootis)    --/    DSL-WLAN router (SMC2804WBR)
                                               (IPsec pass-through;
                                                NAT: ext. UDP 500 <-> 192.168.2.2 UDP 500,
                                                     ext. TCP 22  <-> 192.168.2.2 TCP 22)

Right side:
===========
Internet <--> e.f.g.h  DialUp (RW2: WinXP/ebootis)
It's no problem to bring up a tunnel between the host and RW1. But I have problems establishing a tunnel between the host and RW2, even though the logs don't show any errors, neither /var/log/messages under Linux nor the Oakley log under Windows.
While pinging from RW2 to the host I get the following output:
Negotiating IP Security.
Negotiating IP Security.
Request timed out.
Request timed out.
Every new ping results in "Request timed out." even though the IPsec SA is established. I also have no access to the running services on the host over the tunnel.
But I have found a way to get the tunnel working: the ping is not successful until I do a traceroute from the host to RW2. As soon as the traceroute has finished, the tunnel works and I have access to the services on the host.
Now my question is: what's going wrong here? I think one possibility would be to create a script, called via the "leftupdown" option, which does the traceroute; however, I would like to understand what the process behind this or the exact fault is!
Thank you kindly in advance for any help!
Sincerely,
Michael
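The "leftupdown" workaround the post mentions, as an added example that is not part of the original message or of Openswan itself. It is a wrapper around the stock updown script: it first hands every event to the normal script so routes and firewall rules are installed, and only after an "up-client"/"up-host" event (SA just installed) fires a short numeric traceroute at the peer in the background, so pluto is not blocked. Assumptions, labelled in the code as well: pluto exports PLUTO_VERB, PLUTO_PEER and PLUTO_PEER_CLIENT to the updown script; the stock script can be reached as "ipsec _updown"; the install path /usr/local/sbin/ipsec-updown-traceroute.sh is hypothetical. Nothing runs unless PLUTO_VERB is set, so the file is inert outside pluto.

```shell
#!/bin/sh
# Hypothetical Openswan updown wrapper (added example, not the poster's script).
# Assumed install:  leftupdown=/usr/local/sbin/ipsec-updown-traceroute.sh  in ipsec.conf
# Assumed environment: pluto exports PLUTO_VERB (event name), PLUTO_PEER (peer IP)
# and PLUTO_PEER_CLIENT (peer subnet, e.g. e.f.g.h/32 for a roadwarrior).

DEFAULT_UPDOWN="${DEFAULT_UPDOWN:-ipsec _updown}"   # assumption: stock script via the ipsec wrapper
TRACEROUTE="${TRACEROUTE:-traceroute}"
LOGTAG="ipsec-updown-traceroute"

# Only the "up" events (SA just installed) should trigger the probe.
# Returns 0 for up-client/up-host, 1 for everything else (down-*, prepare-*, route-*, ...).
needs_poke() {
    case "$1" in
        up-client|up-host) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Derive the address to probe: a /32 peer client (roadwarrior) is the peer itself;
# anything else (empty, or a real subnet) falls back to PLUTO_PEER.
# $1 = PLUTO_PEER_CLIENT, $2 = PLUTO_PEER
peer_addr() {
    case "$1" in
        */32) printf '%s\n' "${1%/32}" ;;
        *)    printf '%s\n' "$2" ;;
    esac
}

# Build the traceroute command line: -n no DNS, -q 1 one probe per hop,
# -w 1 one-second timeout, -m 3 at most three hops so it finishes quickly.
poke_cmd() {
    printf '%s -n -q 1 -w 1 -m 3 %s\n' "$TRACEROUTE" "$1"
}

# Full event handler: run the stock updown script, then, for up events, poke the peer.
handle_event() {
    verb="$1"; client="$2"; peer="$3"
    rc=0
    $DEFAULT_UPDOWN "$@" || rc=$?   # keep the stock script's exit status for pluto
    if needs_poke "$verb"; then
        target=$(peer_addr "$client" "$peer")
        cmd=$(poke_cmd "$target")
        logger -t "$LOGTAG" "$verb: probing $target with: $cmd" 2>/dev/null
        # Background the probe so pluto's updown call returns immediately.
        ( $cmd >/dev/null 2>&1 & )
    fi
    return $rc
}

# Act only when invoked by pluto; reading or sourcing the file otherwise does nothing.
if [ -n "${PLUTO_VERB:-}" ]; then
    handle_event "$PLUTO_VERB" "${PLUTO_PEER_CLIENT:-}" "${PLUTO_PEER:-}"
    exit $?
fi
```

This treats the symptom rather than answering the question the post asks; the log line it writes (via logger) records which event and target triggered the probe, which is the first thing to compare against /var/log/messages when trying to find the real cause.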