[Openswan Users] Cannot ping hosts behind OpenSWAN host
Jason Martin
jason.martin at metrixmatrix.com
Mon Feb 13 15:30:41 CET 2006
Hello,
I've started setting up an OpenSWAN 2.4.5rc4 host and I am having trouble
understanding why it is not working the way I want it to.
I have a test setup now that looks like this:
Intranet --- OpenSWAN machine --- "Public" Windows XP machine
Intranet settings - 192.168.1.0/24
OpenSWAN settings - eth0: 192.168.1.212; eth1: 1.1.1.1 ("public" interface)
Windows XP machine - 1.1.1.2
The OpenSWAN and XP machines are directly connected with a crossover cable for
now. (Maybe this is where my problem is? Should I try this on an established
network?)
I've been using Nate Carlson's page for getting OpenSWAN working between a
Linux host and Windows roadwarrior with certificates
(http://www.natecarlson.com/linux/ipsec-x509.php). I've set up the
"roadwarrior" and "roadwarrior-net" connections on both machines, as in his
instructions. Currently, I can connect from the roadwarrior to the OpenSWAN
after pinging 1.1.1.1 from 1.1.1.2 (it does say "Negotiating IP Security"
once or twice, then I get ping replies). However, if I try pinging anything
on the intranet, then I see "Negotiating IP Security", then Request timed
out.
If I tcpdump -i eth1 during pinging of an intranet machine, I see an arp
request for the DNS name of the machine I'm pinging, and to let 1.1.1.2 know,
but I see nothing on eth0 regarding the ping.
One thing I am confused about is if OpenSWAN handles all NAT traversal and
knows how to route traffic to the proper interface on its own, or if iptables
does need to be set up to do ipmasqing, because that appears to be the
problem, although I've set up basic ipmasqing and it still does not work
properly.
I did leave out my config files, but I assure you they are exactly what Nate
has on his site.
Thank you very much in advance.
--
Jason Martin
Metrix Matrix, Inc.
785 Elmgrove Road, Building 1, Rochester, NY 14624
Office: 888-865-0065 Ext. 202
Mobile: (585) 721-8679