[Openswan Users] tunnel open, but tcp 443 stops working
John Stile
john at stilen.com
Sat Jan 21 17:03:52 CET 2006
Right after I initiate the tunnel, the right can access the left on
tcp443 and ping (ICMP). After some amount of time, the right can't ping
or access tcp443, but ipsec logs on both SGs show IKE communications
between the security gateways, and the tunnel appears to be up. If I
send a ping from the left to the right, then the right can again ping
the left, but tcp443 is still not accessible.
What's going on?
I don't understand what is causing this.
I need some workaround.
Details about my setup:
left SG: Debian Sarge, openswan 2.2.0-8, kernel 2.6.8-2-686
right SG: Linksys rv082
Topology:
Linux Openswan clients/SG (192.168.60.11/24) <--Left
|
Linux router (192.168.60.1/192.168.50.195)
|
Pix-NAT (192.168.50.1/216.52.xxx.xxx) (static port map of port500 )
|
(Internet)
|
Linksys rv082/SG (24.70.xxx.xxx/192.168.0.1/24) <--Right
|
remote subnet (192.168.0.0/24)
#------------------------------------------------------------
ipsec.conf
#------------------------------------------------------------
version 2

config setup
    interfaces=%defaultroute
    klipsdebug="all"
    plutodebug="all"
    plutostderrlog=/var/log/ipsec.log
    #nat_traversal=yes

conn tunnel1
    left=192.168.60.11
    leftid=216.52.xxx.xxx
    leftnexthop=%direct
    leftrsasigkey=%none
    right=24.70.xxx.xxx
    rightnexthop=24.70.xxx.1
    rightsubnet=192.168.0.0/24
    keyingtries=%forever
    keylife=10000s
    ikelifetime=3000s
    auto=start
    authby=secret
    ike=3des-md5
    pfs=yes

#BEGIN Section disables Opportunistic Encryption
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
#END Section disables Opportunistic Encryption
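The post's ipsec.conf has one detail worth checking mechanically when a gateway sits behind a NAT box: left is a private address while leftid is the public one, and nat_traversal is commented out. The script below is an added example, not part of the original post or of Openswan; it parses the ipsec.conf section/parameter format and flags that combination, plus the "all" debug levels. SAMPLE_CONF is the poster's configuration reproduced as constructed input (xxx placeholders kept as posted), and parse_ipsec_conf and audit are names chosen here.

```python
"""Minimal ipsec.conf linter: parse sections and flag settings relevant to a
gateway behind NAT. Added example; not code from the original post."""

# Constructed sample: the configuration quoted in the post, indented the way
# ipsec.conf expects (parameters belong to the most recent unindented header).
SAMPLE_CONF = """\
version 2

config setup
    interfaces=%defaultroute
    klipsdebug="all"
    plutodebug="all"
    plutostderrlog=/var/log/ipsec.log
    #nat_traversal=yes

conn tunnel1
    left=192.168.60.11
    leftid=216.52.xxx.xxx
    leftnexthop=%direct
    leftrsasigkey=%none
    right=24.70.xxx.xxx
    rightnexthop=24.70.xxx.1
    rightsubnet=192.168.0.0/24
    keyingtries=%forever
    keylife=10000s
    ikelifetime=3000s
    auto=start
    authby=secret
    ike=3des-md5
    pfs=yes
"""


def parse_ipsec_conf(text):
    """Return {section header: {key: value}} for an ipsec.conf body.

    Section headers ("config setup", "conn NAME") start in column 0; parameters are
    indented key=value lines. '#' starts a comment, so a commented-out parameter
    such as '#nat_traversal=yes' is simply absent from the result.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():
            current = " ".join(line.split())
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"parameter outside a section or malformed: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][key] = value.strip('"')
    return sections


def audit(sections):
    """Return a list of human-readable findings about NAT-related settings."""
    findings = []
    setup = sections.get("config setup", {})
    nat_t = setup.get("nat_traversal", "").lower() == "yes"
    for name, params in sections.items():
        if not name.startswith("conn "):
            continue
        for side in ("left", "right"):
            addr, ident = params.get(side), params.get(side + "id")
            # An address-style id (not an @fqdn id) that differs from the interface
            # address means this end presents a translated address: it is behind NAT.
            if addr and ident and not ident.startswith("@") and ident != addr:
                findings.append(f"{name}: {side}={addr} but {side}id={ident}; "
                                f"this end is behind NAT")
                if not nat_t:
                    findings.append(f"{name}: nat_traversal is not 'yes' in 'config "
                                    f"setup', so NAT-T is off for a NATed endpoint")
    for key in ("klipsdebug", "plutodebug"):
        if setup.get(key, "none") == "all":
            findings.append(f"config setup: {key}=all logs every packet and exchange; "
                            f"keep it only while troubleshooting")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ipsec_conf(SAMPLE_CONF)):
        print(finding)
```

Running it against the posted configuration reports the private/public address mismatch on the left side with NAT-T disabled, and the two debug levels; uncommenting nat_traversal=yes in the sample removes the NAT-T finding, which is the quickest way to confirm the check does what it says.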