[Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
Richard Abbuhl
rabbuhl at vocognition.com
Mon Nov 15 17:29:20 CET 2004
Hi,
With Fedora Core 1 and 2, these firewall rules allowed my VPN it to work
properly (although it is not a road warrior configuration):
/sbin/iptables -t nat -I POSTROUTING -o eth0 -p esp -j ACCEPT
/sbin/iptables -t nat -I POSTROUTING -o eth0 -p ah -j ACCEPT
With Fedora Core 3, I can no longer get any connections working and I get
this error (my advice is to stay away from Core 3):
112 "voco" #51: STATE_QUICK_I1: initiate
003 "voco" #51: ERROR: netlink response for Add SA comp.630b at 82.161.X.XX
included errno 22: Invalid argument
I hope this helps.
Regards,
Richard
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Vemcontact
Sent: Monday, November 15, 2004 5:01 PM
To: users at openswan.org
Subject: [Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
We have also been experiencing what we believe is the problem reported by
Itai Tavor on the list. An Openswan roadwarrior configuration under Fedora
Core 1 and early Fedora Core 2 kernels connected properly to an Astaro
(Frees/wan-based) IPSEC gateway, but under later Fedora Core 2 kernels and
Fedora Core 3, the connection no longer works. The ISAKAMP SA is
established, but it is impossible to ping or otherwise contact the remote
gateway.
Like Itai, we have spent a great deal of time debugging this issue using
various Openswan-packaged RPMs, Fedora Project-packaged RPMs, Strongswan,
and Openswan built from CVS -- all to no avail. Does anyone have a
functioning roadwarrior setup under Fedora Core 3? If so, could you post
your ipsec.conf and updown scripts, and any other info needed to get the
connection working?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20041115/ecba03aa/attachment.htm
More information about the Users
mailing list