[Openswan Users] Can Ping but nothing else - Revisited

P ipsec at dogclan.com
Wed Sep 15 19:41:58 CEST 2004


I continue to have this problem after much tinkering.  I've played with 
MTU settings .... no go....

For testing purposes I just set up a Tunnel between one of my Fedora 
Core2 gateways and a Netgear FVL328 VPN Router.  Now In this scenario 
here's what happens.  The tunnels come up, and any machine behind the 
Netgear router can access any machine on the subnet behind the Openswan 
gateway.  But I'm still having the same problem from machines that are 
using openswan for a gateway.  They can ping any machine behind the 
Netgear box ..... but they can't do anything else.  I've seen a couple 
emails about this problem on the list but no definitive solutions.  Just 
wondering if there is anyone out there who's overcome this problem.  I'd 
like to get this solved before my boss just goes out and buys a bunch of 
Netgear routers  :(





P wrote:

> Hi all, I'm looking for a little direction here.
>
> I'm running 2 Fedora Core 2 Gateways with Openswan 2.1.5-1 on each. 
> I've built 4 tunnels:
>
> Network-Network
> Left Subnet-Right Gateway
> Left Gateway-Right Subnet
> Gateway to Gateway
>
> My setup looks something like this:
>
>
>                    Gateway 1                     Gateway 2
>                  eth1      eth0               eth0      eth1
> 10.0.0.0 subnet---10.0.0.1--64.x.x.x ---151.x.x.x--10.0.1.1---10.0.1.0 subnet
>
>
> using the following /etc/ipsec.conf:
>
> config setup
>       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>       # klipsdebug=all
>       # plutodebug=dns
>       interfaces="%defaultroute"
>       klipsdebug=none
>       plutodebug=none
>       uniqueids=yes
>
> conn %default
>       keyingtries=1
>
> conn leftnet-rightnet
>       left=64.x.x.x
>       leftsubnet=10.0.0.0/24
>       leftid=64.x.x.x
>       leftrsasigkey=(LEFTKEY)
>       right=151.x.x.x
>       rightsubnet=10.0.1.0/24
>       rightid=151.x.x.x
>       rightrsasigkey=(RIGHTKEY)
>       rightnexthop=151.x.x.1
>       auto=start
>
> conn leftgate-rightgate
>       left=64.x.x.x
>       leftnexthop=64.x.x.1
>       leftrsasigkey=(LEFTKEY)
>       right=151.x.x.x
>       rightnexthop=151.x.x.1
>       rightrsasigkey=(RIGHTKEY)
>
> conn leftgate-rightnet
>       leftid=64.x.x.x
>       left=64.x.x.x
>       leftrsasigkey=(LEFTKEY)
>       leftnexthop=64.x.x.1
>       rightid=151.x.x.x
>       right=151.x.x.x
>       rightsubnet=10.0.1.0/24
>       rightrsasigkey=(RIGHTKEY)
>       rightnexthop=151.x.x.1
>       auto=start
>
> conn leftnet-rightgate
>       leftid=64.x.x.x
>       left=64.x.x.x
>       leftsubnet=10.0.0.0/24
>       leftrsasigkey=(LEFTKEY)
>       leftnexthop=64.x.x.1
>       rightid=151.x.x.x
>       right=151.x.x.x
>       rightrsasigkey=(RIGHTKEY)
>       auto=start
>
>
> The tunnels come up and I can ping across the vpn with no problem.  I 
> can ping from a client machine to another client, etc.  But that's 
> it.  I can't do anything else.  Can't access shares, can't connect via 
> remote desktop, can't connect to another remote admin program I've 
> installed for testing, can't connect to a mail server that's on the 
> other side of the vpn.  It seems the only thing I can do is ping.  I'm 
> not getting any firewall hits if I watch /var/log/messages while 
> trying to use any of the previously mentioned apps so I'm sure it's not 
> firewall stopping it.  I've tried running the app from subnet 1 and 
> run tcpdump on eth1 on gateway 2 and I see the packets going across 
> that interface.  At this point I'm pretty stumped.
>
> I will be happy to post any other info if it's needed.  Just looking 
> to be pointed in the right direction.....
>
> ~P~
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
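The "ping works, nothing else does" symptom described in both messages is the classic signature of a path MTU problem across the tunnel: a default ping carries 56 data bytes (an 84-byte packet) and slips under any ESP-reduced MTU, while file shares, RDP and SMTP send full 1500-byte segments with DF set that are silently dropped once ESP tunnel-mode overhead is added and the ICMP "fragmentation needed" message never reaches the sender. The script below is an added diagnostic, not code from the thread or from Openswan: it binary-searches the largest packet that crosses the path unfragmented using iputils `ping -M do -s N` on Linux, estimates the ESP overhead, and prints the TCP MSS the tunnel can carry. The `simulated_probe` helper is a constructed stand-in for a real path so the search logic can be checked offline; the hypothetical host argument is supplied on the command line.

```python
"""Path-MTU probe for an IPsec tunnel where ping works but TCP does not.

Added example, not part of the mailing-list thread. Assumes Linux iputils
ping (supports -M do to set DF and -s for payload size).
"""
import subprocess
import sys
from typing import Callable

IP_HEADER = 20      # IPv4 header, no options
ICMP_HEADER = 8     # ICMP echo header
TCP_HEADER = 20     # TCP header, no options


def esp_tunnel_overhead(iv_len: int = 8, block: int = 8, icv_len: int = 12) -> int:
    """Worst-case bytes ESP tunnel mode adds to one packet.

    outer IP header + ESP header (SPI + seq) + IV + padding (up to one block)
    + pad-length/next-header trailer + ICV. Defaults model 3DES with a
    96-bit HMAC; AES-CBC would use iv_len=16, block=16.
    """
    return IP_HEADER + 8 + iv_len + (block - 1) + 2 + icv_len


def linux_ping_probe(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Send one echo request with `payload` data bytes and DF set.

    True if a reply arrives; False if the packet was dropped or ping refused
    to send it because it would need fragmentation. Real network probe,
    used only from main(), never by the offline tests.
    """
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do",
           "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe: Callable[[int], bool], lo: int = 576, hi: int = 1500) -> int:
    """Binary-search the largest IP packet size that crosses the path intact.

    `probe(payload)` returns True when an echo with that many data bytes gets
    through. Sizes are full IP packet sizes (payload + 28 header bytes).
    Returns 0 if even `lo` does not pass, which points at something other
    than MTU (policy, routing, firewall).
    """
    def fits(packet_size: int) -> bool:
        return probe(packet_size - IP_HEADER - ICMP_HEADER)

    if not fits(lo):
        return 0
    while hi - lo > 1:          # invariant: lo passes, hi is undecided
        mid = (lo + hi) // 2
        if fits(mid):
            lo = mid
        else:
            hi = mid
    return hi if fits(hi) else lo


def recommended_mss(path_mtu: int) -> int:
    """Largest TCP segment payload that fits in one packet on this path."""
    return path_mtu - IP_HEADER - TCP_HEADER


def simulated_probe(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a path whose PMTU is `path_mtu` (offline use)."""
    def probe(payload: int) -> bool:
        return payload + IP_HEADER + ICMP_HEADER <= path_mtu
    return probe


def main(argv: list) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <host-behind-tunnel>", file=sys.stderr)
        return 2
    host = argv[1]
    pmtu = find_path_mtu(lambda n: linux_ping_probe(host, n))
    if pmtu == 0:
        print("even a 576-byte packet with DF does not pass: not an MTU problem")
        return 1
    print(f"largest unfragmented packet to {host}: {pmtu} bytes")
    print(f"expected ESP tunnel overhead (3DES/HMAC): {esp_tunnel_overhead()} bytes")
    print(f"clamp TCP MSS to at most {recommended_mss(pmtu)} bytes")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If the probe reports a PMTU below 1500 while a plain `ping` succeeds, the MTU hypothesis is confirmed; the usual remedies are lowering the MTU on the tunnel-facing interface or clamping TCP MSS on the gateway (on Linux, an iptables `mangle` rule using the `TCPMSS` target with `--clamp-mss-to-pmtu`), and making sure ICMP type 3 code 4 is not being filtered between the hosts and the gateways.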



