[Openswan Users] Can't Ping across VPN

James House jhouse at pronetit.com
Thu May 4 09:22:54 CEST 2006


Hi,

I'm trying to set up a net-net VPN with a friend. We live in the same
apartment complex and both have cable modems. We both have Linux machines as
our firewall/gateway. Mine is FC5 and his is Kubuntu. Here's the result of
"ipsec auto --status":

[root@JMH-LINUX ~]# ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 68.63.78.164
000 interface eth0/eth0 68.63.78.164
000 interface eth1/eth1 192.168.1.1
000 interface eth1/eth1 192.168.1.1
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "net-to-net": 192.168.1.0/24===68.63.78.164---68.63.78.129...68.63.78.129---68.63.31.50===192.168.2.0/24; erouted; eroute owner: #14
000 "net-to-net":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "net-to-net":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "net-to-net":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "net-to-net":   newest ISAKMP SA: #19; newest IPsec SA: #14;
000 "net-to-net":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000
000 #14: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 12481s; newest IPSEC; eroute owner
000 #14: "net-to-net" esp.4df02447@68.63.31.50 esp.29f0933@68.63.78.164 tun.0@68.63.31.50 tun.0@68.63.78.164
000 #19: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 421s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
[root@JMH-LINUX ~]#

It looks like the VPN is up, but we can't ping anything on the other side.
We've both looked everywhere for something that addresses this issue, but
can't find any help. Could you help us?

Thanks,

James House

 
