[Openswan Users]
Iptables blocks re-incoming esp pakets, but the connection is
established from client to server
foren titze
foren.titze at gmx.net
Tue Aug 30 10:09:10 CEST 2005
hello users,
I have set up a Linux-to-Linux IPsec tunnel. The connection is established. But
if I try to ping or SSH into the subnet behind the gateway, I get an
error message on the client side.
---
REJECT UDP IN=eth1 OUT= MAC= SRC=134.xxx.xxx.30 DST=134.147.130.127 LEN=242 TOS=0x00 PREC=0x00 TTL=64 ID=2825 DF PROTO=UDP SPT=138 DPT=138 LEN=222
REJECT UDP IN=eth1 OUT= MAC= SRC=134.xxx.xxx.30 DST=134.147.130.127 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=2826 DF PROTO=UDP SPT=138 DPT=138 LEN=215
REJECT UDP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:09:5c:8c:ce:08:00 SRC=134.147.130.31 DST=134.147.130.127 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=31599 PROTO=UDP SPT=138 DPT=138 LEN=209
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59249 PROTO=ESP SPI=0xcb7157b
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59250 PROTO=ESP SPI=0xcb7157b
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59251 PROTO=ESP SPI=0xcb7157b
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59252 PROTO=ESP SPI=0xcb7157b
---
I haven't allowed incoming ESP on the client side, but there isn't an IPsec
service there as on the gateway side.
What do I have to do on the client firewall? Do I have to open ESP and port
500 for the gateway IP?
thx ben
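The REJECT lines quoted in the post show the kernel dropping ESP (IP protocol 50) from the gateway address on eth1. The shell script below is an added example, not part of the post or of Openswan: it parses a constructed sample of those log lines to list which peers and SPIs are being rejected, and it emits the minimal INPUT rules the question asks about (IKE on UDP/500 and ESP, restricted to the gateway). The gateway address 195.xxx.xxx.21 and interface eth1 are taken from the log as it appears, anonymised; treat both as placeholders for your own values.

```shell
# Constructed sample in the post's own log format (two of the ESP rejects
# and one of the UDP/138 rejects); the xxx octets are the post's anonymisation.
LOG_SAMPLE='REJECT UDP IN=eth1 OUT= MAC= SRC=134.xxx.xxx.30 DST=134.147.130.127 LEN=242 TOS=0x00 PREC=0x00 TTL=64 ID=2825 DF PROTO=UDP SPT=138 DPT=138 LEN=222
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59249 PROTO=ESP SPI=0xcb7157b
REJECT OTHER IN=eth1 OUT= MAC=00:20:ed:8f:9b:c5:00:d0:02:76:63:fc:08:00 SRC=195.xxx.xxx.21 DST=134.xxx.xxx.30 LEN=152 TOS=0x00 PREC=0x00 TTL=51 ID=59250 PROTO=ESP SPI=0xcb7157b'

# Print "SRC SPI" once per distinct peer/SPI seen in rejected ESP packets.
# Walk the key=value fields instead of assuming a column position, since
# MAC= and DF can shift the field count between lines.
rejected_esp_peers() {
    printf '%s\n' "$LOG_SAMPLE" | awk '
        /PROTO=ESP/ {
            src = ""; spi = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^SPI=/) spi = substr($i, 5)
            }
            print src, spi
        }' | sort -u
}

# Number of rejected ESP packets in the sample (one REJECT line each).
count_rejected_esp() {
    printf '%s\n' "$LOG_SAMPLE" | grep -c 'PROTO=ESP'
}

# Emit the minimal INPUT rules for the client end of the tunnel:
# IKE (UDP/500, source and destination port 500) and ESP, accepted only
# from the gateway on the interface the tunnel arrives on.
# $1 = gateway IP (placeholder: 195.xxx.xxx.21), $2 = interface (eth1).
# If the client sits behind NAT, IKE moves to UDP/4500 (NAT-T); the post
# does not mention NAT, so that rule is not generated here.
ipsec_client_rules() {
    gw="$1"; iface="$2"
    printf 'iptables -A INPUT -i %s -p udp -s %s --sport 500 --dport 500 -j ACCEPT\n' "$iface" "$gw"
    printf 'iptables -A INPUT -i %s -p esp -s %s -j ACCEPT\n' "$iface" "$gw"
}

# Usage: the functions only print; review the rules, then run them as root.
# rejected_esp_peers
# ipsec_client_rules 195.xxx.xxx.21 eth1
```

The UDP/138 rejects in the log are NetBIOS datagram broadcasts on the local segment and are unrelated to the tunnel; only the PROTO=ESP lines explain why traffic through the established SA never arrives, which is why the parser keys on that field rather than on the REJECT prefix.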