[Openswan Users] Can ping, but nothing else

Phil phil at gamutonline.com
Fri Sep 3 09:18:14 CEST 2004 

Hi all, I'm looking for a little direction here.

I'm running 2 Fedora Core 2 Gateways with Openswan 2.1.5-1 on each. 
I've built 4 tunnels:

Network-Network
Left Subnet-Right Gateway
Left Gateway-Right Subnet
Gateway to Gateway

My setup looks something liket this:


                                              Gateway 1                  
               Gateway 2
10.0.0.0 subnet ----------10.0.0.1--64.x.x.x 
------------151.x.x.x--10.0.1.1--------------10.0.1.0 subnet
                                            eth1        eth0            
               eth0          eth1


using the following /etc/ipsec.conf:

config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=all
        # plutodebug=dns
        interfaces="%defaultroute"
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        keyingtries=1

conn leftnet-rightnet
        left=64.x.x.x
        leftsubnet=10.0.0.0/24
        leftid=64.x.x.x
        leftrsasigkey=(LEFTKEY)
        right=151.x.x.x
        rightsubnet=10.0.1.0/24
        rightid=151.x.x.x
        rightrsasigkey=(RIGHTKEY)
        rightnexthop=151.x.x.1
        auto=start

conn leftgate-rightgate
        left=64.x.x.x
        leftnexthop=64.x.x.1
        leftrsasigkey=(LEFTKEY)
        right=151.x.x.x
        rightnexthop=151.x.x.1
        rightrsasigkey=(RIGHTKEY)

conn leftgate-rightnet
        leftid=64.x.x.x
        left=64.x.x.x
        leftrsasigkey=(LEFTKEY)
        leftnexthop=64.x.x.1
        rightid=151.x.x.x
        right=151.x.x.x
        rightsubnet=10.0.1.0/24
        rightrsasigkey=(RIGHTKEY)
        rightnexthop=151.x.x.1
        auto=start

conn leftnet-rightgate
        leftid=64.x.x.x
        left=64.x.x.x
        leftsubnet=10.0.0.0/24
        leftrsasigkey=(LEFTKEY)
        leftnexthop=64.x.x.1
        rightid=151.x.x.x
        right=151.x.x.x
        rightrsasigkey=(RIGHTKEY)
        auto=start


The tunnels come up and I can ping across the vpn with no problem.  I 
can ping from a client machine to another client, ect.  But that's it.  
I can do anthing else.  Cant access shares, can't connect via remote 
desktop, can't connect to another remote admin program I've installed 
for testing, can't connect to a mail server that's on the other side of 
the vpn.  It seems the only thing I can do is ping.  I'm not getting any 
firewall hits if I watch /var/log/messages while trying to use any of 
the previously mentions apps so I'm sure it's not firewall stopping it.  
I've tried running the app from subnet 1 and run tcpdump on eth1 on 
gateway 2 and I see the packets going across that interface.  At this 
point I'm pretty stumped.

I will be happy to post any other info if it's needed.  Just looking to 
be pointed in the right direction.....

~P~

More information about the Users mailing list