[Openswan Users] Openswan to Openswan

Paul Wouters paul at xelerance.com
Fri Dec 16 15:24:21 CET 2005 

On Fri, 16 Dec 2005, Tsitsi wrote:

> >>>>>This is ipsec verify command from GW A and GW B

Looks good. I guess if possible sniff/trace some traffic
to see what is going on.

Paul

>
>
> Checking your system to see if IPsec got installed and
> started correctly:
> Version check and ipsec on-path
>                  [OK]
> Linux Openswan U2.2.0/K2.6.8-2-386 (native)
> Checking for IPsec support in kernel
>                  [OK]
> Checking for RSA private key (/etc/ipsec.secrets)
>                  [FAILED]
> ipsec showhostkey: no default key in
> "/etc/ipsec.secrets"
> Checking that pluto is running
>                  [OK]
> Two or more interfaces found, checking IP forwarding
>                  [OK]
> Checking NAT and MASQUERADEing
>                  [N/A]
> Checking for 'ip' command
>                  [OK]
> Checking for 'iptables' command
>                  [OK]
> Checking for 'setkey' command for native IPsec stack
> support            [OK]
>
> Opportunistic Encryption DNS checks:
>    Looking for TXT in forward dns zone: debian0
>                  [MISSING]
>    Does the machine have at least one non-private
> address?              [FAILED]
>
> [GW A]#route
> Destination     Passerelle      Genmask         Indic
> Metric Ref    Use Iface
> 192.168.100.0   172.16.1.1      255.255.255.0   UG
> 0      0        0 eth0
> 192.168.1.0     *               255.255.255.0   U
> 0      0        0 eth1
> 172.16.1.0      *               255.255.255.0   U
> 0      0        0 eth0
>
>
> [GW B]#route
> Destination     Passerelle      Genmask         Indic
> Metric Ref    Use Iface
> 192.168.100.0   *               255.255.255.0   U
> 0      0        0 eth1
> 192.168.1.0     172.16.1.3      255.255.255.0   UG
> 0      0        0 eth0
> 172.16.1.0      *               255.255.255.0   U
> 0      0        0 eth0
> default         192.168.100.251 0.0.0.0         UG
> 0      0        0 eth1
>
> --- Paul Wouters <paul at xelerance.com> a écrit :
>
> > On Thu, 15 Dec 2005, Tsitsi wrote:
> >
> > > I found in many documentation for Frees/Wan that
> > you
> > > must copy the file from GW A to GW B
> >
> > You often can, you do not have to.
> >
> > > 004 "site-to-site" #8: STATE_QUICK_I2: sent QI2,
> > IPsec
> > > SA established {ESP=>0x026f97ce <0xacc37e2a}
> >
> > Looks good.
> >
> > > That's working but i can't ping from network A to
> > > network B
> >
> > what does 'ipsec verify' say?
> >
> > Paul
> >
>
>
>
>
>
>
> ___________________________________________________________________________
> Nouveau : téléphonez moins cher avec Yahoo! Messenger. Appelez le monde entier à partir de 0,012 €/minute !
> Téléchargez sur http://fr.messenger.yahoo.com
>

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)

More information about the Users mailing list