[Openswan Users] VPN over ADSL

Necati Demir necati at labristeknoloji.com
Mon Nov 21 19:03:05 CET 2005 

Paul Wouters wrote:

>On Mon, 21 Nov 2005, Necati Demir wrote:
>
>  
>
>>>>#iptables -I INPUT -s IP_ADDR -j ACCEPT
>>>>#iptables -I OUTPUT -d IP_ADDR -j ACCEPT
>>>>
>>>>        
>>>>
>>>Your forwarding policies are also relevant. Hency my question to run
>>>'ipsec verify'
>>>      
>>>
>
>your forwarding policies are still unknown, I assume you dont filter
>anything.
>
>  
>
>>Ok, i am sending 'ipsec verify' outputs of each hosts.
>>
>>[root at host2 root]# ipsec verify
>>Checking your system to see if IPsec got installed and started correctly:
>>Version check and ipsec on-path                                 [OK]
>>Linux Openswan 2.4.3 (klips)
>>Checking for IPsec support in kernel                            [OK]
>>Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
>>ipsec showhostkey: no default key in "/etc/ipsec.secrets"
>>Checking that pluto is running                                  [OK]
>>Two or more interfaces found, checking IP forwarding            [OK]
>>Checking NAT and MASQUERADEing                                  [OK]
>>Checking for 'ip' command                                       [OK]
>>Checking for 'iptables' command                                 [OK]
>>Opportunistic Encryption Support                                [DISABLED]
>>    
>>
>
>That lookds fine.
>
>  
>
>>----
>>
>>[root at host1 root]# ipsec verify
>>Checking your system to see if IPsec got installed and started correctly:
>>Version check and ipsec on-path                                 [OK]
>>Linux Openswan 2.4.3 (klips)
>>Checking for IPsec support in kernel                            [OK]
>>Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
>>ipsec showhostkey: no default key in "/etc/ipsec.secrets"
>>Checking that pluto is running                                  [OK]
>>Two or more interfaces found, checking IP forwarding            [OK]
>>Checking NAT and MASQUERADEing
>>Checking for 'ip' command                                       [OK]
>>Checking for 'iptables' command                                 [OK]
>>Opportunistic Encryption Support                                [DISABLED]
>>    
>>
>
>That too.
>
>Perhaps time to start running tcpdump and see what is going on.
>
>  
>
I dont have any output of tcpdump now, but i used it before while 
testing these VPN connections. So i can explain the output.

When i try to ssh host1 from host2, i see that that UDP packets comes 
from host2, but it does not send packets.
And the same when i ssh host2 from host1.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: necati.vcf
Type: text/x-vcard
Size: 272 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20051121/8ade6966/necati.vcf

More information about the Users mailing list