[Openswan Users] Ipsec connection doesn't work over PPP
antony at wayforth.co.uk
Thu Nov 9 12:44:40 EST 2006
Paul Wouters wrote:
> On Thu, 9 Nov 2006, Antony Gelberg wrote:
>> I have a roadwarrior config on my laptop (roadwarrior-net in the logs),
>> that works very well from outside the office, via ADSL connections,
>> whether my laptop has a public or static IP.
>> However, when I connect to the Internet via my mobile phone (ppp0 in the
>> logs), everything works apart from openswan. The SA comes up, but I
>> can't ping or do anything else via the gateway.
>> I've put a barf at http://static.wayforth.co.uk/ipsec_barf. Hope
> Some things I see:
> - Enable IP forwarding
> - Disable rp_filter on all interfaces
> - REcompile kernel with Advanced routing enabled.
Thanks for responding. I don't see why I need to do this when the same
configuration works with another Internet connection e.g. ADSL via eth0.
> conn roadwarrior-net
> I am somewhat confused wether I am looking at a client or server barf,
> since you mentioned the client was a phone.
Little confusion there. The client and server are both Linux-based.
The phone is used merely for its UMTS modem which manifests as ppp0 on
the client. You are looking at a client barf.
> Can you change left and right. There might be a bug with right=%defaultroute
> does not work as expected. If this is the server, it would need
> right=%any, not right=%defaultroute.
> You also need auto=add because you cannot initiate to %any, you need to wait
> for them to initiate to you.
> The logs show no problem, so it could be that ESP packets are being filtered.
> Try adding "forceencaps=yes" to roadwarrior-net. It will cause NAT-T to kick
> in and use ESPinUDP packets instead of ESP. Perhaps those are not filtered.
I'll try that and report back, thank you.
More information about the Users