[Openswan Users] Can't Ping across VPN

James House jhouse at pronetit.com
Thu May 4 12:18:39 CEST 2006


Thanks!

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Thursday, May 04, 2006 10:57 AM
To: James House
Cc: 'OpenSWAN Users List'
Subject: RE: [Openswan Users] Can't Ping across VPN

On Thu, 4 May 2006, James House wrote:

> [root at JMH-LINUX ~]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.4/K2.6.16-1.2096_FC5 (netkey)
> Checking for IPsec support in kernel                            [OK]
> Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
> Opportunistic Encryption Support                                [DISABLED]

looks good.

> We're using PSK, so I think it's OK that the RSA key failed. Could you offer
> some more info on "check forwarding, rp_filter, firewall, nat rules"?

Forwarding was checked by ipsec verify, and rp_filter was disabled for you.
verify says that you are not using any MASQ or NAT rules, so those should
not be a problem either.
This might be your ISP filtering. Try enabling forceencaps=yes. That will
wrap IPsec packets in UDP packets.

Paul
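
The forwarding and rp_filter checks mentioned in the reply above, as an added shell example that is not part of the original thread. The function name and the optional root-directory argument are assumptions for illustration; the files read are the standard Linux sysctl entries under /proc/sys.

```shell
# check_ipsec_sysctls [ROOT]
# Reports the two kernel settings the reply refers to: IP forwarding and
# per-interface reverse-path filtering. ROOT defaults to /proc/sys; a
# constructed directory tree can be passed instead for offline testing.
# Returns 0 when forwarding is on and rp_filter is 0 on every interface.
check_ipsec_sysctls() {
    root="${1:-/proc/sys}"
    status=0

    # A VPN gateway must forward packets between its interfaces.
    fwd_file="$root/net/ipv4/ip_forward"
    if [ -r "$fwd_file" ] && [ "$(cat "$fwd_file")" = "1" ]; then
        echo "ip_forward: enabled"
    else
        echo "ip_forward: DISABLED"
        status=1
    fi

    # List every interface whose rp_filter is still switched on.
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "rp_filter: $iface=$val (not disabled)"
            status=1
        fi
    done

    return $status
}
```

Called with no argument on the gateway, it reads the live values from /proc/sys.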


