[Openswan Users] VPN over ADSL
Paul Wouters
paul at xelerance.com
Mon Nov 21 17:56:44 CET 2005
On Mon, 21 Nov 2005, Necati Demir wrote:
> > > #iptables -I INPUT -s IP_ADDR -j ACCEPT
> > > #iptables -I OUTPUT -d IP_ADDR -j ACCEPT
> > >
> >
> > Your forwarding policies are also relevant. Hence my question to run
> > 'ipsec verify'
Your forwarding policies are still unknown, I assume you don't filter
anything.
>
> Ok, I am sending 'ipsec verify' outputs of each host.
>
> [root at host2 root]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan 2.4.3 (klips)
> Checking for IPsec support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
That looks fine.
> ----
>
> [root at host1 root]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan 2.4.3 (klips)
> Checking for IPsec support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
That too.
Perhaps time to start running tcpdump and see what is going on.
Paul