[Openswan Users] Can ping, but can't do anything else

Tiago Freitas Leal tfl at netcabo.pt
Mon Oct 4 23:33:21 CEST 2004


I'm running openswan 1.0.7. I had the same problem. I was told to lower the MTU. I did set the MTU of ipsec0 to 1400 with overridemtu=1400 on the config section. I think overridemtu doesn't work on openswan 2.x. But you can try to lower the MTU on the eth interface.
  ----- Original Message ----- 
  From: Luis Rodrigues 
  To: users at openswan.org 
  Sent: Monday, October 04, 2004 4:59 PM
  Subject: RE: [Openswan Users] Can ping, but can't do anything else


  OK, at least I'm not the only one with this problem. I've found this in the mailing list:

  It's from P, ipsec at dogclan.com .

   

  Anyone with an answer?

   

The tunnels come up and I can ping across the vpn with no problem.  I can ping from a client machine to another client, ect.  But that's it.  I can do anthing else.  Cant access shares, can't connect via remote desktop, can't connect to another remote admin program I've installed for testing, can't connect to a mail server that's on the other side of the vpn.  It seems the only thing I can do is ping.  I'm not getting any firewall hits if I watch /var/log/messages while trying to use any of the previously mentions apps so I'm sure it's not firewall stopping it.  I've tried running the app from subnet 1 and run tcpdump on eth1 on gateway 2 and I see the packets going across that interface.  At this point I'm pretty stumped. 

   

  Anyone with an answer?

   

   

   


------------------------------------------------------------------------------

  De: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Em nome de Luis Rodrigues
  Enviada: segunda-feira, 4 de Outubro de 2004 16:26
  Para: users at openswan.org
  Assunto: [Openswan Users] Can ping, but can't do anything else

   

  I've sent this mail to the list, but no one reply'ed it. Can anyone help me?

  I've been working on this for weeks now, and i'm getting desperate!

   

   

   

  I've found something quite strange with tcpdump.

   

  using tcpdump in the eth0, the one that connects to the router, i found out  that when i ping the remote host, i can see the (at lesat i think it is) ESP packets going, but the reply packets come in the clear, marked with icmp reply.

   

  Is this normal?

   

  The strange thing is that icmp works no matter what routing setup i test, but nothing else works. I really need to use windows machines, and i have a big problem on my hands.....

   

   



------------------------------------------------------------------------------


  _______________________________________________
  Users mailing list
  Users at openswan.org
  http://lists.openswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20041004/a342697b/attachment-0001.htm


More information about the Users mailing list