[Openswan Users] pinging one way and not the other
mlist
mlist at opendoor.fr
Wed Sep 7 12:46:48 CEST 2005
Hello list,
I have a problem setting up something as simple as an interconnection with a
preshared key.
The topology is as follows:
net 1 is 10.0.0.0/8 with public IP x.x.x.x
net 2 is 192.168.10.0/24 with public IP y.y.y.y
Configuration for gateway 1:
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    interfaces = "%defaultroute"
    klipsdebug = none
    plutodebug = all
    uniqueids = yes
include /etc/ipsec.d/examples/no_oe.conf
conn od_test
    type = tunnel
    pfs = yes
    left = %defaultroute
    right = y.y.y.y
    rightsubnet = 192.168.10.0/255.255.255.0
    leftsubnet = 10.0.0.0/255.0.0.0
    auto = start
    keyexchange = ike
    authby = secret
    auth = esp
    keyingtries = 0
    esp = 3DES-SHA1
    ike = 3DES-SHA-MODP1024
    ikelifetime = 61m
    keylife = 3637
    rekeyfuzz = 1%
    rekeymargin = 60m
The configuration for gateway 2 is the same, except for the left and right
stuff, which has been edited accordingly.
/etc/init.d/ipsec start on both sides gives no errors.
ipsec auto --status gives the following:
000 #1: pending Phase 2 for "od_test" replacing #0
000 #1: pending Phase 2 for "od_test" replacing #0
000
000 192.168.10.5/32:0 -6-> 10.0.0.4/32:0 => %hold 0 %acquire-netlink
Then the funny part:
The gateways cannot ping each other, but as far as I know this is kind of
expected.
Hosts in net 1 _can_ ping hosts in net 2.
Hosts in net 2 _cannot_ ping hosts in net 1.
Ping is the only thing working; VNC, SSH and telnet don't work.
I bet this is a routing or firewall problem, but I can't put my finger on it.
Any help will be very much appreciated.
Thanks in advance.
--
thomas Constans
04 78 68 17 34
www.opendoor.fr
thomas.constans at opendoor.fr
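An added example, not code from the post or from Openswan: a small Python checker that parses the conn parameters and the ipsec auto --status lines quoted above, flags eroutes still parked on a %hold shunt (no IPsec SA exists yet for that traffic selector) and derives the left/right-swapped conn the peer gateway should carry, so the two ends can be compared before blaming routing or the firewall. All input is constructed from the post; the function names are my own.

```python
import re
# Constructed input: the conn parameters and status lines quoted in the post above.
GW1_CONN = """\
left = %defaultroute
right = y.y.y.y
rightsubnet = 192.168.10.0/255.255.255.0
leftsubnet = 10.0.0.0/255.0.0.0
authby = secret
"""
STATUS = """\
000 #1: pending Phase 2 for "od_test" replacing #0
000
000 192.168.10.5/32:0 -6-> 10.0.0.4/32:0 => %hold 0 %acquire-netlink
"""
STATE_RE = re.compile(r'^000 #(\d+): (.*?) for "([^"]+)"')
EROUTE_RE = re.compile(r'^000 (\S+):\d+ -\d+-> (\S+):\d+ => (\S+)')

def parse_conn(text):
    """Parse 'key = value' lines of one conn section into a dict."""
    conn = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def mirror_conn(conn):
    """Peer's expected conn: every left* key becomes right* and vice versa."""
    swapped = {}
    for key, value in conn.items():
        if key.startswith("left"):
            swapped["right" + key[4:]] = value
        elif key.startswith("right"):
            swapped["left" + key[5:]] = value
        else:
            swapped[key] = value
    return swapped

def summarize_status(text):
    """Per-conn state strings plus eroutes still pointing at a %shunt (e.g. %hold)."""
    states, shunts = {}, []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            states.setdefault(m.group(3), set()).add(m.group(2))
            continue
        m = EROUTE_RE.match(line)
        if m and m.group(3).startswith("%"):
            shunts.append((m.group(1), m.group(2), m.group(3)))
    return states, shunts
```

Feed gateway 2's real conn to parse_conn and compare it with mirror_conn(parse_conn(GW1_CONN)); any differing key is a candidate for the one-way behaviour.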