[Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
Laurent CARON
lcaron at apartia.fr
Thu Nov 18 23:16:52 CET 2004
Itai Tavor a écrit :
> Hi,
>
> Thanks... but adding this to both gateways changes nothing for me...
> Any more tips, anyone?
>
> TIA, Itai
>
> On 16/11/2004, at 3:29 AM, Richard Abbuhl wrote:
>
>> Hi,
>>
>>
>>
>> With Fedora Core 1 and 2, these firewall rules allowed my VPN it to
>> work properly (although it is not a road warrior configuration):
>>
>> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p esp -j ACCEPT
>>
>> /sbin/iptables -t nat -I POSTROUTING -o eth0 -p ah -j ACCEPT
>>
>>
>>
>> With Fedora Core 3, I can no longer get any connections working and I
>> get this error (my advice is to stay away from Core 3):
>>
>> 112 "voco" #51: STATE_QUICK_I1: initiate
>> 003 "voco" #51: ERROR: netlink response for Add SA
>> comp.630b at 82.161.X.XX included errno 22: Invalid argument
>>
>>
>>
>> I hope this helps.
>>
>>
>>
>> Regards,
>>
>> Richard
>>
>>
>>
>> -----Original Message-----
>> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
>> On Behalf Of Vemcontact
>> Sent: Monday, November 15, 2004 5:01 PM
>> To: users at openswan.org
>> Subject: [Openswan Users] OpenS/WAN (dynamic IP) <-> FreeS/WAN
>>
>>
>>
>>
>> We have also been experiencing what we believe is the problem
>> reported by Itai Tavor on the list. An Openswan roadwarrior
>> configuration under Fedora Core 1 and early Fedora Core 2 kernels
>> connected properly to an Astaro (Frees/wan-based) IPSEC gateway, but
>> under later Fedora Core 2 kernels and Fedora Core 3, the connection
>> no longer works. The ISAKAMP SA is established, but it is impossible
>> to ping or otherwise contact the remote gateway.
>>
>> Like Itai, we have spent a great deal of time debugging this issue
>> using various Openswan-packaged RPMs, Fedora Project-packaged RPMs,
>> Strongswan, and Openswan built from CVS -- all to no avail. Does
>> anyone have a functioning roadwarrior setup under Fedora Core 3? If
>> so, could you post your ipsec.conf and updown scripts, and any other
>> info needed to get the connection working?
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
what is in /etc/sysconfig/defaultroute ?
--
<Qui_Gon> je veux pinger ma machine qui est en ip 192.215.235.1 sur mon réseau local
<Jayge> Qui_Gon> pourquoi tu les as pas appellée 192.168.* comme tout le monde ???
<Qui_Gon> ok je change alors
<Jayge> Ouais, les classes A je connais c'est les modems ADSL surtout, les classes C c'est utilisé dans les reseaux mais les B?
<lc_> Jayge: les classes A ont ete invente avant les modems ADSL
<Jayge> Lc_> j'ai pas dit le contraire
<Jayge> Lc_> j'ai dit que l'utilisation la plus courante était POUR les modems ADSL !
<Jayge> nuance
More information about the Users
mailing list