[Openswan Users] Openswan 2.4.6 to Cisco
Rui Santos
ruisantos at iname.com
Tue Aug 22 07:07:00 EDT 2006
Hi again,
I've been able to establish a tunnel (there was an incorrect mask on the
Cisco for the network on their side) and the tunnel seems to be up.
My current problem is that they don't seem to receive any traffic on
the other side. If I do a tcpdump on the ipsec0 interface I can see
traffic going in.
Doing an ipsec verify I get:
Version check and ipsec on-path [OK]
Linux Openswan 2.4.6 (klips)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking tun0x1002 at 85.205.197.36 from 10.0.0.0/8 to 85.205.196.64/28
[FAILED]
SNAT from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> c.c.c.c/28
[FAILED]
SNAT from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> c.c.c.c/28
[FAILED]
SNAT from 10.0.0.0/8 to 0.0.0.0/0 kills tunnel 10.0.0.0/8 -> c.c.c.c/28
[FAILED]
SNAT from 10.0.0.0/8 to 0.0.0.0/0 kills tunnel 10.0.0.0/8 -> c.c.c.c/28
[FAILED]
SNAT from 10.0.0.0/8 to 0.0.0.0/0 kills tunnel 10.0.0.0/8 -> c.c.c.c/28
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
I do have SNAT rules but they aren't in the form specified on ipsec verify,
they all have a destination address configured. Is this a bug?
Rui Santos
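
Added example (not part of the original post and not Openswan's verify code): a destination-aware check of which source-NAT rules can actually rewrite packets travelling between a tunnel's two subnets, which is the distinction the post raises. The rule lines and the 203.0.113.64/28 remote subnet are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t nat` lines (documentation addresses, not the poster's rules).
SAMPLE_RULES = """\
-A PREROUTING -d 198.51.100.1/32 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.5
-A POSTROUTING -s 10.0.0.0/8 -d 192.0.2.0/24 -o eth0 -j SNAT --to-source 198.51.100.1
-A POSTROUTING -s 10.0.0.0/8 ! -d 203.0.113.64/28 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.0.0/16 -d 203.0.113.0/24 -j SNAT --to-source 198.51.100.1
-A POSTROUTING -o eth0 -j MASQUERADE
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Return {'src', 'dst', 'target'} for a POSTROUTING rule, or None for anything else."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "POSTROUTING"]:
        return None
    # A missing -s or -d means "any address"; each selector is (network, negated).
    rule = {"src": (ANY, False), "dst": (ANY, False), "target": None}
    for i, flag in enumerate(tok[:-1]):
        if flag in ("-s", "-d"):
            net = ipaddress.ip_network(tok[i + 1], strict=False)
            rule["src" if flag == "-s" else "dst"] = (net, tok[i - 1] == "!")
        elif flag == "-j":
            rule["target"] = tok[i + 1]
    return rule

def can_match(tunnel_net, selector):
    """True if some address in tunnel_net satisfies the (network, negated) selector."""
    net, negated = selector
    return not tunnel_net.subnet_of(net) if negated else tunnel_net.overlaps(net)

def nat_rules_touching_tunnel(rules_text, local, remote):
    """List source-NAT rules that can rewrite packets going local -> remote.
    Simplification: rule order, interface matches and earlier ACCEPT/RETURN
    exemptions are not modelled."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    hits = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule["target"] in ("SNAT", "MASQUERADE") \
                and can_match(local, rule["src"]) and can_match(remote, rule["dst"]):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in nat_rules_touching_tunnel(SAMPLE_RULES, "10.0.0.0/8", "203.0.113.64/28"):
        print("rewrites tunnel traffic:", hit)
```

On the constructed sample only the last two rules are reported: the SNAT rule whose destination covers the remote subnet and the unrestricted MASQUERADE rule.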