[Openswan Users] ping problem

Massimo Mazzoldi mmazzoldi at direte.it
Thu Feb 2 15:57:31 CET 2006


Hi, all

I have a whole bunch of tunnels working with freeswan-1.99.
The main SA is now configured to accept connections from an openswan 2.4.4 PC
with kernel 2.6.13.4.
(All PCs are Slackware Linux.)

This is the net config:

192.168.16.6-----192.168.16.1------ 192.168.0.102----192.168.0.1

192.168.0.1 is main freeswan SA
192.168.16.6 is the Openswan SA

NO NAT is applied!

Other IPs are just routers.

-----------------file ipsec.conf------------------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        interfaces="%defaultroute"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none

conn %default
        disablearrivalcheck=yes
        authby=rsasig
        auto=start
        pfs=yes
        keyingtries=0
        rekey=yes

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn cormorano
        # Left security gateway, subnet behind it, next hop toward right.
        # Left is always the local, common end: wireLessmaster
        left=192.168.0.1
        leftid=@192.168.0.1
        # RSA 2192 bits   wirelessmaster   Thu Jul  3 15:43:17 2003
        leftrsasigkey=0sAQOGXIaZW9gqZCc8AeseVqXulvSqRnJVomediVHB4CGIPyncUwM1svfoLkg9BUyXyltwCtfY6brUHcdhmbCjsn13cmUkzxgw9cNpTL0sBoJNrnyJ+3xAMPhHYC1bPCmABxsSNaYiclGQ7YfmMXl24MtFD4WROJhwyiyBuYEo3nsTjBLiHNkm+LwecfGLnG+BdXR/fWxFvQcz1gXdA0ClRffD/H13djYzR85biVlsx/KVGnaM2Mbxu4e4/EsjG+6AndFIom9eTXWBF5ZzF9z/XdeWvXbObPrB+7qrOaWUwYQIf+Maa0rFnLq7U6HC1JAx3FNBYb8SZj0qK7pYcJ3vli3whSd6mVqRgHwmYLYWWGEjFQm7
        #leftsubnet=0.0.0.0/0
        leftnexthop=192.168.0.102
        #
        #
        # Right security gateway, subnet behind it, next hop toward left.
        # Right is always the remote computer, in this case: fringuello
        right=192.168.16.6
        rightid=@192.168.16.6
        rightnexthop=192.168.16.1
        #rightsubnet=192.168.7.0/24
        # RSA 2192 bits   cormorano   Wed Oct 26 17:41:02 2005
        rightrsasigkey=0sAQP2RbizSlDwR0ilA2GdCYPwmyAMbJbwN6tlX4kCoPH+sKeUlZBSZMwJSRuTLE1MeZ5Nx5cAAbqOeUD/Wy12YWLytsmwxE972GT3lF+UDFrP4jue+MipCafMf/BkqAoaqNM3i4ywtYxayeo+/KcrOvpSs+M2j6zdfFaCSuvSpawffseon3HKCr8nCnZc1WGIPE4CZHX5+suOYxRH75QhrlocuBvoGMuQhyIaE9GhrtEO265ohaebW73YTL68fQZhlvtnPBRvIKAXHkWJrG9TcfFxPplICib9F7WzPJQzKRX0aQulZ7BzgQ5g+ct3gf4FCHKk5Y3kj07vTzkAVJmbXJBOxNhHwa121Rzpa2v486HeIaUN
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=start


Everything works OK...
The tunnel is brought up without any problem.

If I ping from 192.168.16.6... I see ping ESP packets going to 192.168.0.1 back
and forth with tcpdump.
On eth0 I also see ECHO REPLY messages...

Yet nothing gets to the application.

I thought it was a firewall problem... yet even with the firewall disabled nothing
changes.
I don't know what to look for any more...

Is there any interoperability problem?
Does anyone know a way to get it working?


Bye
Massimo


------------------------------------------------------
Ing. Massimo Mazzoldi
Technical Manager, Research & Development
Cell 335 7886689
 
DiRete sc
Via G. Di Vittorio 85, 25010 Desenzano del Garda (BS)
VAT no. and Brescia (BS) Business Register no.: 02452020981
Register of cooperative societies no.: A139218
Tel. 030.2056109 
Fax: 030.9902701
------------------------------------------------------



