[Openswan Users] SA established but not ping (2nd act)
Delta Yeh
delta.yeh at gmail.com
Wed Oct 19 10:04:07 CEST 2005
Did you turn ip_forward on?
ip_forward should be 1 instead of 0 on the openswan host.
On 10/19/05, Lelio Parisi <piccololean at yahoo.it> wrote:
>
> I've succesfully installed openswan with klips (thanks
> to Paul Wouters and David Coulson). Now I have the
> ipsecx interfaces without the segmentation fault.
> As I said some days ago, I've a pix on a site and
> openswan on the other. The subnet behind pix is
> 10.0.0.x and the subnet behind openswan is 192.168.0.x
> The SA is established well but the pc 192.168.0.x
> doesn't ping the 10.0.0.x
> I think that the access-list on pix is right because I
> can ping the 10.0.0.x if I use windows client.
> Here's my conf (as David asks before)
>
> version 2.0
>
> config setup
> interfaces="ipsec0=ppp0"
> klipsdebug=none
> #plutodebug=none
> #plutoload=%search
> #plutostart=%search
> uniqueids=yes
> nat_traversal=yes
>
> conn %default
> keyingtries=0
> disablearrivalcheck=no
> authby=secret
>
> conn pix
> #type = tunnel
> left=xxx.xxx.xxx.xxx
> leftsubnet=192.168.0.0/24 <http://192.168.0.0/24>
> leftprotoport=17/0
> #leftnexthop=%defaultroute
> right=yyy.yyy.yyy.yyy
> rightsubnet=10.0.0.0/24 <http://10.0.0.0/24>
> rightid=172.17.32.13 <http://172.17.32.13>
> rightprotoport=17/0
> authby=secret
> #esp=3des-md5-hmac
> #keyexchange = ike
> pfs=no
> auto=add
>
>
>
>
> ___________________________________
> Yahoo! Messenger: chiamate gratuite in tutto il mondo
> http://it.messenger.yahoo.com
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051019/41b579c0/attachment.htm
More information about the Users
mailing list