[Openswan Users] Re: [Shorewall-users] GRE over IPSec to Cisco problems

John Serink jserink2004 at yahoo.com
Sun Jul 16 19:34:28 CEST 2006


Hi Tom:

First, thank you for the help thus far.
Ok, I know that I will need a route to 192.168.1.0\28
eventually, but my problem is I can't ping the
opposite ends of the thunnel from each side. The pings
from the Cisco are getting to the Linux box as shown
in the tcpdump...the linux box then responds but it
deems the Linux reponses are NOT getting encrypted by
Openswan ans there is no ESP packet leaving ppp1. When
the pings arrive from the cisco, first an ESP packet
arrives and then the decoded icmp is there...at least
that's what it looks like to me.

I'll have to check my shorewall setup, especially the
shorewall.conf to make sure I'm writing everything to
the log as presently, nothing is showing up in syslog
to give me a clue.

cheers,
john

--- Tom Eastep <teastep at shorewall.net> wrote:

> On Sun, 2006-07-16 at 10:31 -0700, John Serink
> wrote:
> 
> > Note: I've not yet added route, I want to get the
> > tunnel up and pinging first.
> 
> I suspect that you need a route to 192.168.1.1 via
> GDC1.
> 
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a
> sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
> PGP Public Key   \
> https://lists.shorewall.net/teastep.pgp.key
> > 
>
-------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support
> web services, security?
> Get stuff done quickly with pre-integrated
> technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1
> based on Apache Geronimo
>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > _______________________________________________
> Shorewall-users mailing list
> Shorewall-users at lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/shorewall-users
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Users mailing list