[Openswan Users] Ipsec establish but cannot ping (routing problem)
Cebu Inc
cebuinc at hotmail.com
Fri Nov 19 11:14:43 CET 2004
Hello,
I'm pretty sure this is just a routing problem; I can establish the connection.
This is my ipsec.conf:

config setup
        interfaces="ipsec0=eth0:3 ipsec1=eth3"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/16
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn wireless-net
        leftsubnet=192.168.1.0/24
        also=wireless

conn wireless
        left=192.168.2.254
        leftnexthop=65.x.x.x
        leftcert=/etc/ipsec.d/certs/vpncert.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior
        left=x.x.x.x
        leftnexthop=65.x.x.x
        leftsubnet=192.168.1.0/24
        leftcert=/etc/ipsec.d/certs/vpncert.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

My wireless works just fine; my problem is my roadwarrior setup. The
connection establishes, but I cannot ping any internal IPs. IPsec works if
I'm in an overlapping network.
laptop 192.168.1.0/24 -----> fw --------- internet ----------- fw -------
192.168.1.0/24 networkABC
If I'm connected like this, where my laptop is behind 192.168.1.0/24, the same
thing as my networkABC, the connection works; I can ping and do everything
else.
If I use dialup or another network that does not have the same IPs as
networkABC, then I can only make IPsec establish, but I cannot do anything else.
Looking at my route:
dialup ------ networkABC gateway ---------- ipsec0
which looks fine; doing ipsec eroute also looks OK.
I did try to tcpdump the internal NIC (eth1), and I do not see any
connection made; on my external (eth0) I can see the connection made.
Please help.
Thanks
joshua mercado

Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[1] 68.224.10.89 #1: responding to Main Mode from unknown peer 68.224.10.89
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[1] 68.224.10.89 #1: transition from state (null) to state STATE_MAIN_R1
Nov 19 01:32:04 abcl pluto[9503]: "roadwarrior"[1] 68.224.10.89 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[1] 68.224.10.89 #1: Peer ID is ID_DER_ASN1_DN: 'C=x, ST=x, L=x, O=x, CN=x, E=x'
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #1: deleting connection "roadwarrior" instance with peer 68.224.10.89 {isakmp=#0/ipsec=#0}
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #1: I am sending my cert
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #1: sent MR3, ISAKMP SA established
Nov 19 01:32:04 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #2: responding to Quick Mode
Nov 19 01:32:05 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #2: transition from state (null) to state STATE_QUICK_R1
Nov 19 01:32:05 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 19 01:32:05 abc pluto[9503]: "roadwarrior"[2] 68.224.10.89 #2: IPsec SA established {ESP=>0x7b43b1ce <0x4dbda09e}
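
A sanity check for the virtual_private line in the posted config, as an added example that is not part of the original message: it flags entries whose address has host bits set and entries that cover leftsubnet without a `%v4:!` exclusion for it (the exclusion form Openswan accepts in virtual_private). The function names are hypothetical, and the post does not establish whether either finding explains the symptom described.

```python
import ipaddress

# Values copied from the ipsec.conf posted above.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/16"
LEFTSUBNET = "192.168.1.0/24"


def parse_virtual_private(value):
    """Split a virtual_private= value into (excluded, network_text) pairs."""
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised entry: {item!r}")
        # A leading "!" marks a range that is carved out of the allowed set.
        entries.append((net.startswith("!"), net.lstrip("!")))
    return entries


def check(value, leftsubnet):
    """Return a list of findings for a virtual_private / leftsubnet pair."""
    local = ipaddress.ip_network(leftsubnet, strict=True)
    findings, allowed, excluded = [], [], []
    for is_excluded, text in parse_virtual_private(value):
        net = ipaddress.ip_network(text, strict=False)
        if str(net) != text:
            findings.append(f"{text} has host bits set; canonical form is {net}")
        (excluded if is_excluded else allowed).append(net)
    for net in allowed:
        if net.version != local.version or not net.overlaps(local):
            continue
        carved_out = any(
            ex.version == local.version and local.subnet_of(ex) for ex in excluded
        )
        if not carved_out:
            findings.append(f"{net} covers leftsubnet {local} with no ! exclusion")
    return findings


if __name__ == "__main__":
    for finding in check(VIRTUAL_PRIVATE, LEFTSUBNET):
        print("finding:", finding)
```
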