[Openswan Users] ping problem

Paul Wouters paul at xelerance.com
Thu Feb 2 17:08:22 CET 2006


On Thu, 2 Feb 2006, Massimo Mazzoldi wrote:

>         leftid=@192.168.0.1

That's not the proper way to set an id to an ip address. You can either
leave it out (it will default to the IP address) or use a hostname, or
use a string (which starts with @).

> Everything works ok...
> tunnel is brought up without any problem.
>
> if I ping from 192.168.16.6... I see ping ESP packet going to 192.168.0.1 back
> and forth with tcpdump.
> on eth0 I see also ECHO REPLY messages...

Check with ipsec verify. Is forwarding enabled? Is NAT not touching the
packets?

You might "also see" packets that appear in plaintext on the openswan
machine if it is running netkey (check with ipsec --version). That is
'normal'. They will not go out plaintext, but will go encrypted.

Paul
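
The two checks asked about above (is forwarding enabled, is NAT touching the tunnel traffic), as an added shell example that is not part of the original message or of Openswan. The subnet 10.0.2.0/24 and the sample rules are constructed, the function names are hypothetical, and the NAT check is a heuristic over `iptables-save -t nat` output.

```shell
#!/bin/sh
# Added example, not from the original post. Subnets and rules are constructed.

# Return 0 if the given file (default: the live kernel setting) holds "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read `iptables-save -t nat` output on stdin and print each POSTROUTING
# SNAT/MASQUERADE rule that could still rewrite packets bound for the remote
# subnet $1: one that is not preceded by an ACCEPT/RETURN exemption for that
# subnet and does not itself exclude it ("! -d", or the older "-d !" form).
# Heuristic: other match conditions on the rules are not evaluated.
nat_rules_touching() {
    awk -v remote="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            line = " " $0 " "
            to_remote = index(line, " -d " remote " ") > 0
            excluded = index(line, " ! -d " remote " ") > 0 ||
                       index(line, " -d ! " remote " ") > 0
            if (to_remote && !excluded && line ~ / -j (ACCEPT|RETURN) /) exempt = 1
            if (line ~ / -j (MASQUERADE|SNAT) / && !exempt && !excluded) print $0
        }'
}

# $1 = remote subnet, $2 = nat table dump, $3 = ip_forward file (optional).
check_tunnel_path() {
    status=0
    forwarding_enabled "$3" || { echo "forwarding is disabled"; status=1; }
    hits=$(printf '%s\n' "$2" | nat_rules_touching "$1")
    [ -z "$hits" ] || { echo "NAT may rewrite tunnel traffic: $hits"; status=1; }
    return "$status"
}

# Constructed sample dumps: one masquerades everything, one exempts the tunnel.
BAD_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
GOOD_RULES='*nat
-A POSTROUTING -d 10.0.2.0/24 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$BAD_RULES" | nat_rules_touching 10.0.2.0/24
```

On a live gateway, pass the output of `iptables-save -t nat` as the second argument to `check_tunnel_path` and the real remote subnet as the first.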

