[Openswan Users] Another error happend
Frank Hubrach
f.hubrach at spiekermann.de
Thu Aug 4 09:26:43 CEST 2005
Hello,
one more error happend, on files greater then 100kB openswan hangs ...
What's wrong ?
Frank Hubrach schrieb:
> Hello,
>
> i have updated my configuration from freeswan 1.98 to openswan 2.2.0.
> Before update everything was fine.
> After the update one tunnel works fine again, but the second did not.
> Tunnel Section A ist -- one SubNet on the Router Left and one on the
> Router right.
> Tunnel Section B ist --- one Subnet(the same) on the Router Left and a
> Subnet wich is Routet by another Router on the Rigth Subnet
>
> Here ist my config
> version 2.0
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> uniqueids=yes
> forwardcontrol=yes
> nat_traversal=yes
>
> conn %default
> keylife=30m
> dpdtimeout=60s
> dpddelay=10s
> dpdaction=clear
> ikelifetime=20m
> rekeymargin=120s
> auto=add
> keyingtries=3
> disablearrivalcheck=no
> authby=rsasig
> right=%defaultroute
> rightcert=Place of cert
> rightid=the right id
> rightsubnet=192.168.60.0/24
>
> conn private
> auto=ignore
>
> conn private-or-clear
> auto=ignore
>
> conn clear
> auto=ignore
>
> conn clear-or-private
> auto=ignore
>
> conn block
> auto=ignore
>
> conn OEself
> auto=ignore
>
>
> conn packetdefault
> auto=ignore
>
> conn Section-A
> left=left ip
> leftrsasigkey=%cert
> leftnexthop=left hop
> leftid="leftid"
> leftsubnet=192.168.20.0/24
> auto=start
>
> conn Section-B
> left=left ip
> leftrsasigkey=%cert
> leftnexthop=left next hop
> leftid=left id
> leftsubnet=10.16.224.0/24
> auto=start
>
> Routing on the left Subnet :
> 10.16.224.0 192.168.20.7 255.255.255.0 UG 0 0
> 0 eth1
> 192.168.60.0 nexthop 255.255.255.0 UG 0
> 0 0 eth0
>
> Routing on the Right Subnet
> only one default router
>
> In the existing log file nothing is said about wrong connections,
> every connection is successfully.
> "Section-A" #2: sent QI2, IPsec SA established {ESP=>0xfe0825c0
> <0x42f72633}
> "Section-B" #4: sent QI2, IPsec SA established {ESP=>0x8eabdcb2
> <0x6ec8390 )
>
> The firewall is the same as in freeswan 1.98 , and other Locations are
> working fine on both Subnets - but the are running freeswan 1.98.
>
> Any ideas ?
> Yours
> Frank
>
> Sorry for my bad english.
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
--
Mit freundlichen Grüßen
SPIEKERMANN GmbH
i.A. Frank Hubrach
SPIEKERMANN GmbH
Beratende Ingenieure
Fritz-Vomfelde-Str. 12
40547 Düsseldorf
Germany
Fon +49 (0)211 5236 311
Fax +49 (0)211 5236 390
http://www.spiekermann.de
Erklärungen der SPIEKERMANN GmbH, die per eMail übermittelt werden, sind
nur im Falle schriftlicher Bestätigung rechtsverbindlich.
Information from SPIEKERMANN GmbH transmitted by eMail
are legally binding only in case of written confirmation.
More information about the Users
mailing list