[Openswan Users]
IPSec-tunnel does not work until a ping or traceroute from the host
--> (!) to the roadwarrior
Michael P. Dobmeier
dobmeier.michael at web.de
Fri Jun 25 01:01:24 CEST 2004
Dear experts,
as I have some strange problems with freeswan(2.04
X.509-1.5.3)/openswan(U2.1.2/K2.6.4-54.5 native) under SuSE-Linux 9.1 I hope
you have an advice how to get Freeswan/Openswan to work.
The described problems are both in freeswan and openswan.
The Hardware-configuration is as follows:
Left-Side:
==========
DMZ
192.168.2.2--
(host:linux/openswan) \
--192.168.2.1<->a.b.c.d(dynIP/dynDNS)-->Internet
/ DSL-WLAN-Router(SMC2804WBR)
192.168.2.101-- (IPSec-Pass through,
(RW1:WinXP/ebootis) NAT: ext. UDP 500 <-> 192.168.2.2 UDP 500
ext. TCP 22 <-> 192.168.2.2 TCP 22)
Right-Side:
=============
Internet <--> e.f.g.h
DialUp (RW2:WinXP/ebootis)
It's no problem to get up a tunnel between the host and RW1. But I have some
problems to establish a tunnel between the host and RW2 even though the logs
don't show any errors - whether the /var/log/messages under linux nor the
oakley-log under Windows.
While pinging from RW2 to the host I get the following output:
Negotiating IP Security.
Negotiating IP Security.
Request timed out.
Request timed out.
Every new ping has the result "Request timed out." even though the IPsec SA
is established. I also have no access to the running services on the host
over the tunnel.
But I have found a possibility to get the tunnel work: the ping is not
successfull until I do also a ping or a traceroute from the host to the RW2.
After a ping in both(!) directions or a traceroute the tunnel works and I
have access to the services on the host.
Now my question is, what's going wrong here. I think it would be a
possibility to create a script which is called by the "leftupdown"-command
which does the ping or traceroute, however I would like to understand,
what's the process behind or exact fault!
Thankyou kindly in advance for any help!
Sincerely,
Michael
More information about the Users
mailing list