[Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
Itai Tavor
itai at iinet.net.au
Wed Nov 17 18:09:17 CET 2004
Hi,
Thanks... but adding this to both gateways changes nothing for me...
Any more tips, anyone?
TIA, Itai
On 16/11/2004, at 3:29 AM, Richard Abbuhl wrote:
> Hi,
>
>
>
> With Fedora Core 1 and 2, these firewall rules allowed my VPN it to
> work properly (although it is not a road warrior configuration):
>
> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p esp -j ACCEPT
>
> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p ah -j ACCEPT
>
>
>
> With Fedora Core 3, I can no longer get any connections working and I
> get this error (my advice is to stay away from Core 3):
>
> 112 "voco" #51: STATE_QUICK_I1: initiate
> 003 "voco" #51: ERROR: netlink response for Add SA
> comp.630b at 82.161.X.XX included errno 22: Invalid argument
>
>
>
> I hope this helps.
>
>
>
> Regards,
>
> Richard
>
>
>
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
> On Behalf Of Vemcontact
> Sent: Monday, November 15, 2004 5:01 PM
> To: users at openswan.org
> Subject: [Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
>
>
>
>
> We have also been experiencing what we believe is the problem
> reported by Itai Tavor on the list. An Openswan roadwarrior
> configuration under Fedora Core 1 and early Fedora Core 2 kernels
> connected properly to an Astaro (Frees/wan-based) IPSEC gateway, but
> under later Fedora Core 2 kernels and Fedora Core 3, the connection no
> longer works. The ISAKAMP SA is established, but it is impossible to
> ping or otherwise contact the remote gateway.
>
> Like Itai, we have spent a great deal of time debugging this issue
> using various Openswan-packaged RPMs, Fedora Project-packaged RPMs,
> Strongswan, and Openswan built from CVS -- all to no avail. Does
> anyone have a functioning roadwarrior setup under Fedora Core 3? If
> so, could you post your ipsec.conf and updown scripts, and any other
> info needed to get the connection working?
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list