[Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN

Laurent CARON lcaron at apartia.fr
Thu Nov 18 23:16:52 CET 2004 

Itai Tavor a écrit :

> Hi,
>
> Thanks... but adding this to both gateways changes nothing for me... 
> Any more tips, anyone?
>
> TIA, Itai
>
> On 16/11/2004, at 3:29 AM, Richard Abbuhl wrote:
>
>> Hi,
>>
>>  
>>
>> With Fedora Core 1 and 2, these firewall rules allowed my VPN it to 
>> work properly (although it is not a road warrior configuration):
>>
>> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p esp -j ACCEPT
>>
>> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p ah -j ACCEPT
>>
>>  
>>
>> With Fedora Core 3, I can no longer get any connections working and I 
>> get this error (my advice is to stay away from Core 3):
>>
>> 112 "voco" #51: STATE_QUICK_I1: initiate
>>  003 "voco" #51: ERROR: netlink response for Add SA 
>> comp.630b at 82.161.X.XX included errno 22: Invalid argument
>>
>>  
>>
>> I hope this helps.
>>
>>  
>>
>> Regards,
>>
>> Richard
>>
>>  
>>
>> -----Original Message-----
>> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] 
>> On Behalf Of Vemcontact
>> Sent: Monday, November 15, 2004 5:01 PM
>> To: users at openswan.org
>> Subject: [Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
>>
>>  
>>
>>
>>  We have also been experiencing what we believe is the problem 
>> reported by Itai Tavor on the list.  An Openswan roadwarrior 
>> configuration under Fedora Core 1 and early Fedora Core 2 kernels 
>> connected properly to an Astaro (Frees/wan-based) IPSEC gateway, but 
>> under later Fedora Core 2 kernels and Fedora Core 3, the connection 
>> no longer works.  The ISAKAMP SA is established, but it is impossible 
>> to ping or otherwise contact the remote gateway.
>>
>>  Like Itai, we have spent a great deal of time debugging this issue 
>> using various Openswan-packaged RPMs, Fedora Project-packaged RPMs, 
>> Strongswan, and Openswan built from CVS -- all to no avail.  Does 
>> anyone have a functioning roadwarrior setup under Fedora Core 3?  If 
>> so, could you post your ipsec.conf and updown scripts, and any other 
>> info needed to get the connection working?
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

what is in /etc/sysconfig/defaultroute ?

-- 

<Qui_Gon> je veux pinger ma machine qui est en ip 192.215.235.1 sur mon réseau local
<Jayge> Qui_Gon> pourquoi tu les as pas appellée 192.168.* comme tout le monde ???
<Qui_Gon> ok je change alors
<Jayge> Ouais, les classes A je connais c'est les modems ADSL surtout, les classes C c'est utilisé dans les reseaux mais les B?
<lc_> Jayge: les classes A ont ete invente avant les modems ADSL
<Jayge> Lc_> j'ai pas dit le contraire
<Jayge> Lc_> j'ai dit que l'utilisation la plus courante était POUR les modems ADSL !
<Jayge> nuance

More information about the Users mailing list