[Openswan Users] ping problem
Massimo Mazzoldi
mmazzoldi at direte.it
Thu Feb 2 15:57:31 CET 2006
Hi, all
I have a whole bunch of tunnels working with freeswan-1.99.
The main SA is now configured to accept connections from an Openswan 2.4.4 PC
with kernel 2.6.13.4.
(All PCs are Slackware Linux.)
This is the net config:
192.168.16.6-----192.168.16.1------ 192.168.0.102----192.168.0.1
192.168.0.1 is main freeswan SA
192.168.16.6 is the Openswan SA
NO NAT is applied!
Other IP's are just routers.
-----------------file ipsec.conf------------------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    interfaces="%defaultroute"
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none

conn %default
    disablearrivalcheck=yes
    authby=rsasig
    auto=start
    pfs=yes
    keyingtries=0
    rekey=yes

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn cormorano
    # Left security gateway, subnet behind it, next hop toward right.
    # Left is always the local side (in common): wireLessmaster
    left=192.168.0.1
    leftid=@192.168.0.1
    # RSA 2192 bits wirelessmaster Thu Jul 3 15:43:17 2003
    leftrsasigkey=0sAQOGXIaZW9gqZCc8AeseVqXulvSqRnJVomediVHB4CGIPyncUwM1svfoLkg9BUyXyltwCtfY6brUHcdhmbCjsn13cmUkzxgw9cNpTL0sBoJNrnyJ+3xAMPhHYC1bPCmABxsSNaYiclGQ7YfmMXl24MtFD4WROJhwyiyBuYEo3nsTjBLiHNkm+LwecfGLnG+BdXR/fWxFvQcz1gXdA0ClRffD/H13djYzR85biVlsx/KVGnaM2Mbxu4e4/EsjG+6AndFIom9eTXWBF5ZzF9z/XdeWvXbObPrB+7qrOaWUwYQIf+Maa0rFnLq7U6HC1JAx3FNBYb8SZj0qK7pYcJ3vli3whSd6mVqRgHwmYLYWWGEjFQm7
    #leftsubnet=0.0.0.0/0
    leftnexthop=192.168.0.102
    #
    #
    # Right security gateway, subnet behind it, next hop toward left.
    # Right is always the remote computer, in this case: fringuello
    right=192.168.16.6
    rightid=@192.168.16.6
    rightnexthop=192.168.16.1
    #rightsubnet=192.168.7.0/24
    # RSA 2192 bits cormorano Wed Oct 26 17:41:02 2005
    rightrsasigkey=0sAQP2RbizSlDwR0ilA2GdCYPwmyAMbJbwN6tlX4kCoPH+sKeUlZBSZMwJSRuTLE1MeZ5Nx5cAAbqOeUD/Wy12YWLytsmwxE972GT3lF+UDFrP4jue+MipCafMf/BkqAoaqNM3i4ywtYxayeo+/KcrOvpSs+M2j6zdfFaCSuvSpawffseon3HKCr8nCnZc1WGIPE4CZHX5+suOYxRH75QhrlocuBvoGMuQhyIaE9GhrtEO265ohaebW73YTL68fQZhlvtnPBRvIKAXHkWJrG9TcfFxPplICib9F7WzPJQzKRX0aQulZ7BzgQ5g+ct3gf4FCHKk5Y3kj07vTzkAVJmbXJBOxNhHwa121Rzpa2v486HeIaUN
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=start
Everything works ok...
The tunnel is brought up without any problem.
If I ping from 192.168.16.6... I see ping ESP packets going to 192.168.0.1 back
and forth with tcpdump.
On eth0 I also see ECHO REPLY messages...
yet nothing gets to the application.
I thought it was a firewall problem... yet even with the firewall disabled nothing
changes.
I don't know what to look for any more...
Is there any interoperability problem?
Does anyone know a way to get it working?
bye
Massimo
------------------------------------------------------
Ing. Massimo Mazzoldi
Technical Manager, Research & Development
Cell 335 7886689
DiRete sc
Via G. Di Vittorio 85, 25010 Desenzano del Garda (BS)
VAT number and BS Business Register registration: 02452020981
Registration in the register of cooperative societies: A139218
Tel. 030.2056109
Fax: 030.9902701
------------------------------------------------------