[Openswan Users] Gateway to Static IP, no ping

Arnab Chowdry achowdry at berkeley.edu
Sat Jun 18 14:55:36 CEST 2005


> remove both leftfirewall settings and the double leftnexthop.

Oops, sorry. That was an error while cutting and pasting. Those lines are
only present once in the actual file.

> run 'ipsec verify'

On the gateway server, ipsec verify shows everything [OK] (except for the TXT
stuff in the DNS section).

On the client computer, ipsec verify shows everything [OK] except:
Two or more interfaces found, checking IP forwarding [FAILED]

However, the client computer only has one network interface (eth0).

> - did you enable ip forwarding on hades?

Yes, it was enabled.

> - did you disable rp_filter ?

No, I hadn't done that. Thanks for the suggestion! After doing that, I can
ping the gateway computer. However, I still can't ping any of the computers
behind it.

> - check your firewall rules, they should allow proto 50, and proto udp
> port 500 and 4500.

I have 50 and 500 opened up, but I don't remember seeing any mention of port
4500. I've tried turning the whole firewall off, and that doesn't seem to
help.

It seems like I'm almost there...I just need to be able to access the
computers behind the gateway!

Here are the updated information files for my current configuration (no
debugging info now, promise):
http://leafnode.net/ipsec/gateway.barf.txt
http://leafnode.net/ipsec/client.barf.txt
http://leafnode.net/ipsec/ipsec.conf (identical between computers) 


Thanks for your help!
Arnab
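
The checks discussed in this message (IP forwarding, rp_filter, and firewall openings for protocol 50 and UDP 500/4500), as an added shell example that is not part of the original post. The function names, the sysctl-root argument and the sample rules are constructed for illustration, and the rule check assumes explicit ACCEPT rules in `iptables-save` format.

```shell
#!/bin/sh
# Added example: audit the settings named in the thread. Function names are hypothetical.

# Check ip_forward and per-interface rp_filter under a sysctl root (default /proc/sys).
# Prints one line per finding; returns 0 only if nothing is flagged.
audit_sysctls() {
    root=${1:-/proc/sys}
    rc=0
    fwd=$(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo missing)
    if [ "$fwd" != "1" ]; then
        echo "FAIL ip_forward=$fwd"
        rc=1
    fi
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "FAIL rp_filter=$val on $iface"
            rc=1
        fi
    done
    return $rc
}

# Read `iptables-save` text on stdin and print which IPsec openings have no
# explicit ACCEPT rule: esp (protocol 50), udp/500 (IKE), udp/4500 (NAT-T).
missing_ipsec_rules() {
    rules=$(cat)
    out=""
    printf '%s\n' "$rules" | grep -Eq -- '-p (esp|50) .*-j ACCEPT' || out="$out esp"
    for port in 500 4500; do
        printf '%s\n' "$rules" |
            grep -Eq -- "-p udp .*--dport $port .*-j ACCEPT" || out="$out udp/$port"
    done
    echo "${out# }"
}

# Constructed sample: forwarding is on, rp_filter is still set on eth0,
# and the ruleset opens ESP and UDP 500 but not UDP 4500.
demo=$(mktemp -d)
mkdir -p "$demo/net/ipv4/conf/eth0"
echo 1 > "$demo/net/ipv4/ip_forward"
echo 1 > "$demo/net/ipv4/conf/eth0/rp_filter"
audit_sysctls "$demo" || true
printf '%s\n' '-A INPUT -p esp -j ACCEPT' \
    '-A INPUT -p udp -m udp --dport 500 -j ACCEPT' | missing_ipsec_rules
rm -rf "$demo"
```

On a live host, `audit_sysctls` with no argument reads `/proc/sys`, and `iptables-save | missing_ipsec_rules` checks the loaded ruleset.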


