[Openswan Users] transport mode problems?
John McMonagle
johnm at advocap.org
Thu Dec 7 18:54:01 EST 2006
Currently have 6 sites with firewalls doing subnet to subnet ipsec tunnels.
Works fine but want to switch to gre tunnels so I can run routing
protocols through them.
First trying to get transport mode working between 2 sites.
I commented out the subnets.
Shut down the connections.
Replaced them.
I can not ping the other end either way.
tcpdump shows esp coming in on the remote end but no icmp.
Tried both transport and tunnel.
Tried changing every chain to accept one by one and it did not help.
I'm using shorewall for my firewall and if I shut it down on both ends
it works.
Both are connected directly to the Internet.
Both have snat and dnat set up.
Both use openswan 2.4.6 from debian backports.
Both use shorewall 2.2.3.
Both use iptables 1.2.11.
Both use the native 2.6 kernel ipsec.
One is running the 2.6.15 kernel, the other is 2.6.12.3.
Definitely something going on I'm not thinking of :-(
Any ideas?
John