[Openswan Users] Freeswan -> Openswan upgrade, vpn not working

[Paul Wouters]

On Sun, 24 Apr 2005, Glen Eustace wrote:

> I have been using RH73, the modified kernel
> kernel-2.4.20-20.8.1.99.8.2foo.src.rpm and super-
> freeswan-1.99.8-2foo.src.rpm for a couple of years.  After some initial
> hiccups getting it to work with Checkpoint 1 it has been doing the job
> nicely.
>
> Last night, I updated our firewall to FC3, the kernel is 2.6.11-1.14_FC3
> with openswan-2.1.5-2.FC3.1
>
> I have left the config pretty much as it was, I simply added the version
> line and the one to disable OE.
>
>> From what I can see in the logs, the tunnel is comes up OK but I can not
> get a response from the other end when pinging the destination.  This
> used to work with the old setup. Being Sunday here, I cannot talk to the
> Bank to see what is happening at their end.
>
> Is there some fundamental change I have missed when going from super-
> freeswan to openswan that is preventing things from working ?

The order in which proposals are sent has likely changed during the last few
years. Checkpoint 1 might ignore everything after the first (now wrong)
proposal. Check your old logs to see what you actually used, and specify
esp= and ike= paramters.

Paul