[Openswan Users] adsl vpn

Alberto E. Gallardo Doñate ergallardo at yahoo.es
Mon Apr 25 13:46:40 CEST 2005


Hello.

I am trying to configure a vpn connection between two linux (linux1 and linux2), both of them behind an adsl router. But I have some problems...
Let me show you 2 scenarios:

Scenario 1:
 linux 1 -> ipsec.conf
        ...
        auto=start
        ...
 linux 2 -> ipsec.conf
        ...
        auto=add
        ...

In this scenario, linux1 sends the first packet to linux 2 (src and dst port = 500) and the communication is established (port 500 and 4500 open in both linux) without problem. I can ping from subnet1 to subnet2 but not from subnet2 to subnet1.

Scenario 2:
 linux 1 -> ipsec.conf
        ...
        auto=add
        ...
 linux 2 -> ipsec.conf
        ...
        auto=start
        ...

In this case, linux2 sends the first packet to linux1. Linux2 receives an icmp isakmp port unreachable from public ip of adsl1.
My ISP which manages the adsl router tells me that all ports are open.
Why is this possible?
May it be because of a firewall rule?
In scenario1, I sniff both linux and see packets from one to another to and from ports 500 and 4500. But in Scenario2, I can only see packets in linux2: one packet sent to port 500 and the icmp packet.

Any help?
Thanks.
Alberto




