[Openswan Users] VPN over ADSL
Necati Demir
necati at labristeknoloji.com
Mon Nov 21 19:03:05 CET 2005
Paul Wouters wrote:
>On Mon, 21 Nov 2005, Necati Demir wrote:
>
>
>
>>>>#iptables -I INPUT -s IP_ADDR -j ACCEPT
>>>>#iptables -I OUTPUT -d IP_ADDR -j ACCEPT
>>>>
>>>>
>>>>
>>>Your forwarding policies are also relevant. Hence my question to run
>>>'ipsec verify'
>>>
>>>
>
>Your forwarding policies are still unknown, I assume you don't filter
>anything.
>
>
>
>>Ok, i am sending 'ipsec verify' outputs of each hosts.
>>
>>[root at host2 root]# ipsec verify
>>Checking your system to see if IPsec got installed and started correctly:
>>Version check and ipsec on-path [OK]
>>Linux Openswan 2.4.3 (klips)
>>Checking for IPsec support in kernel [OK]
>>Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
>>ipsec showhostkey: no default key in "/etc/ipsec.secrets"
>>Checking that pluto is running [OK]
>>Two or more interfaces found, checking IP forwarding [OK]
>>Checking NAT and MASQUERADEing [OK]
>>Checking for 'ip' command [OK]
>>Checking for 'iptables' command [OK]
>>Opportunistic Encryption Support [DISABLED]
>>
>>
>
>That looks fine.
>
>
>
>>----
>>
>>[root at host1 root]# ipsec verify
>>Checking your system to see if IPsec got installed and started correctly:
>>Version check and ipsec on-path [OK]
>>Linux Openswan 2.4.3 (klips)
>>Checking for IPsec support in kernel [OK]
>>Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
>>ipsec showhostkey: no default key in "/etc/ipsec.secrets"
>>Checking that pluto is running [OK]
>>Two or more interfaces found, checking IP forwarding [OK]
>>Checking NAT and MASQUERADEing
>>Checking for 'ip' command [OK]
>>Checking for 'iptables' command [OK]
>>Opportunistic Encryption Support [DISABLED]
>>
>>
>
>That too.
>
>Perhaps time to start running tcpdump and see what is going on.
>
>
>
I don't have any output of tcpdump now, but I used it before while
testing these VPN connections. So I can explain the output.
When I try to ssh host1 from host2, I see that UDP packets come
from host2, but it does not send packets.
And the same when I ssh host2 from host1.