[Openswan Users] routing problem very strange

Ameli Luca lameli at medimatica.com
Mon Nov 21 10:46:34 CET 2005


I have linux kernel 2.4.31 and Linux Openswan 2.4.4 (klips)

I have 2 tunnels: tunnel one is winxp <---> linuxbox,
                  tunnel two is linksys <---> linuxbox

All tunnels come up with no problem, the connections are up and running,
but:

The linux box sees and uses all machines and all services (netbios or apache) in
the linksys network, but the linksys network can't use any machines or
services in the linux box network.
The strange thing is that the linksys network can ping some machines on the linuxbox
network, but not all. NO firewall is up in the other network.

The winxp is = . The winxp can ping all machines in the linuxbox gateway but
can use any services.

My configurations in the linuxbox is:

echo '1' > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo '1' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcast
echo '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo '0' > /proc/sys/net/ipv4/tcp_ecn

the ipsec.conf is :

version 2.0

config setup
   interfaces=%defaultroute
   forwardcontrol=no
   klipsdebug=none
   plutodebug=none
   nat_traversal=no

conn medimatica-winxp
     authby=secret
     disablearrivalcheck=no
     pfs=no
     left=81.174.16.70
     leftprotoport=17/1701
     right=%any
     rightprotoport=17/1701
     compress=yes
     auto=add

conn medimatica-linksys
     authby=secret
     pfs=yes
     left=81.174.16.70
     leftsubnet=192.168.0.0/24
     right=%any
     rightsubnet=192.168.1.0/24
     keyexchange=ike
     ikelifetime=240m
     keylife=60m
     compress=no
     auto=add

conn OEself
     auto=ignore

conn clear
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn block
     auto=ignore

conn packetdefault
     auto=ignore 

the ipsec.secrets is:

81.174.16.70 %any : PSK "lamiapsklausoio"

the l2tpd.conf is:

[global]
listen-addr = 81.174.16.70
port = 1701

[lns default]
ip range = 192.168.0.253-192.168.0.254
local ip = 81.174.16.70
require chap = yes
refuse pap = yes
require authentication = yes
name = Medimatica-VPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

and options.l2tpd file :

ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.0.105
ms-wins 192.168.0.130
auth
crtscts
idle 1800
nodefaultroute
mtu 1200
mru 1200
debug
lock
proxyarp
connect-delay 5000
nologfd

What is the command to define the gateway for the network?
I tried ms-gatway but it doesn't work.

eth0 is an internal network 
eth1 is a fixed ip for internet 
after connections :
ipsec0 is a eth1 ip
ppp0 is a eth1 ip


My first openswan was 2.4.3; I tried, tried, tried :D then I upgraded to 2.4.4
but never ..... help



Please help me.

