[Openswan Users]

Paul Wouters paul at xelerance.com
Wed Nov 30 16:39:54 CET 2005


On Wed, 30 Nov 2005, David Wilson wrote:

> The Internal LAN range here in S.A is 192.168.0.0/24.
> The Internal LAN range in Germany is 129.50.0.0/16.
> Our public IP on our Linux server is 196.12.241.21.
> The public IP on the gateway we need to connect to is 81.79.160.12
>
> My problem is that when I run a (/etc/init.d/ipsec start), which I guess does
> something along the lines of (ipsec auto --up net-to-net), my remote SSH
> session to the server stops. Once this has happened, then I cannot get back
> into the server. My connection just times out; I can't even ping the Linux
> server.

Are you SSH'ing from one of the gateways? And is that gateway part of your
subnet? As soon as the gateways start talking encrypted, they will no longer
allow plaintext traffic. I can think of two scenarios here:

- You did not include leftsourceip= and rightsourceip= statements in your
  subnet-subnet connection to fully include the gateways. (or alternatively,
  you did not set up a host-host tunnel along your net-net tunnel)

- you did not include /etc/ipsec.d/examples/no_oe.conf and one or both of
  your gateways is attempting to do OE.

> conn net-to-net
>        authby=secret
>        left=81.79.160.12
>        leftsubnet=129.50.0.0/16
>        leftnexthop=%defaultroute
>        right=196.12.241.21
>        rightsubnet=192.168.0.0/24
>        rightnexthop=81.79.160.12
>        auto=start

Try adding:

	leftsourceip=129.50.a.b (where 129.50.a.b is the internal ip of 81.79.160.12)
	rightsourceip=192.168.c.d (where 192.168.c.d is the internal ip of 196.12.241.21)

Paul
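Both suggestions from the reply applied to the quoted conn, as an added illustrative ipsec.conf fragment that is not from the original thread. The two sourceip values are constructed placeholders and must be replaced by each gateway's own LAN address (inside its leftsubnet/rightsubnet); the existing "config setup" section is assumed to stay as it is.

```ini
# /etc/ipsec.conf (Openswan 2.x style) - illustrative, not the poster's file

conn net-to-net
        authby=secret
        left=81.79.160.12
        leftsubnet=129.50.0.0/16
        # constructed placeholder: the German gateway's own address inside
        # 129.50.0.0/16, so traffic the gateway itself originates (SSH,
        # ping, management) is sourced from an address covered by the tunnel
        leftsourceip=129.50.1.1
        leftnexthop=%defaultroute
        right=196.12.241.21
        rightsubnet=192.168.0.0/24
        # constructed placeholder: the S.A. Linux server's own address inside
        # 192.168.0.0/24, for the same reason as leftsourceip above
        rightsourceip=192.168.0.1
        rightnexthop=81.79.160.12
        auto=start

# Second scenario from the reply: make sure neither gateway attempts
# opportunistic encryption (OE) with arbitrary peers.
include /etc/ipsec.d/examples/no_oe.conf
```

Without the sourceip lines, packets the gateway sends from its public address are not selected by the net-to-net policy and are handled as plaintext, which is why a session to the gateway can stall the moment the tunnel comes up.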

