[Openswan Users] SuSE 9.2 Openswan
datasis at cantv.net
Mon Apr 25 11:32:10 CEST 2005
Hi All,
I have 2 Linux SuSE 9.2 boxes, used in different locations like this:
LEFT LAN -192.160.0.0/24 --- LEFT SUSE 9.2 BOX 192.168.0.218 <> 200.xxx.xxx.xxx FIXED EXT. IP
|
INTERNET
|
RIGHT SUSE 9.2 BOX 201.xxx.xxx.xxx <> 192.168.1.2 FIXED EXTERNAL IP -- RIGHT LAN 192.168.1.0/24
I made a net-to-net VPN connection:
ipsec auto --up net2net
112 "net2net" #53: STATE_QUICK_I1: initiate
004 "net2net" #53: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x1565c5fc <0xc999dff7}
The problem is I can't see the PCs from one internal LAN to the other; I can't
ping.
Do you think the problem is in the firewall?
Thanks
Andres Hocevar
BARF is in http://www.hocevar.info/barf.txt
This is my ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification

conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn net2net
    left=200.xxx.xxx.xxx
    leftsubnet=192.168.0.0/24
    leftid=@location1.net
    leftrsasigkey=.............
    leftnexthop=%defaultroute
    leftsourceip=192.168.0.218
    right=201.xxx.xxx.xxx
    rightsubnet=192.168.1.0/24
    rightid=@location2.net
    rightrsasigkey=...................
    rightnexthop=%defaultroute
    rightsourceip=192.168.1.2
    auto=add
These are the firewall settings:
FW_DEV_EXT="dsl0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0,!192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="http ssh 80"
FW_SERVICES_EXT_UDP="isakmp"
FW_SERVICES_DMZ_TCP="80"
FW_SERVICES_INT_TCP="80"
FW_SERVICES_INT_IP="esp"
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_FORWARD="192.168.0.0/24,192.168.1.0/24,,,ipsec
192.168.1.0/24,192.168.0.0/24,,,ipsec"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_IPSEC_TRUST="int"