[Openswan Users] Simple setup but its not working

Paul Wouters paul at xelerance.com
Mon Jan 17 12:48:15 CET 2005


On Sun, 16 Jan 2005, Glover George wrote:

> success. I have two networks, 192.168.0.0 and 192.168.3.0, and am
> trying to tunnel between them.  The two firewalls (endpoints of the
> tunnel) are both running Fedora Core 3.  I am using the exact same
> ipsec.conf files from the www.ipsec-howto.org for the tunnel setup,
> except for the relevant changes to represent my network.

First of all, thanks to RedHat there is now confusion about ipsec.conf.
Openswan (and freeswan in the old days) used "ipsec.conf" for its
configuration. RedHat, when using ipsec-tools, which uses racoon and
setkey, decided to call their setkey script 'ipsec.conf'.

So, in short, you're asking the wrong people here, since this is the
Openswan list, and we are not Racoon/setkey experts.

> Sitting on 192.168.0.1, I run tcpdump with "tcpdump -i eth0 src host
> 192.168.3.1", and wait.  Then from the same machine I also try a
> telnet session to 192.168.3.1.   I then see the replies coming back
> for the telnet session!!  So the packet makes it all the way to the
> other side and back, but the telnet application just hangs at "Escape
> character is '^]'".   SSH hangs similarly as well.

This could be path MTU problems, which happen on NETKEY kernels.

> corrupted.  Why would ping work but everything else doesn't?

MTU problems.

Paul
-- 

"At best it is a theory, at worst a fantasy" -- Michael Crichton


