[Openswan Users] Ipsec Transport Problem
Paul Wouters
paul at xelerance.com
Mon Nov 13 12:02:54 EST 2006
On Thu, 9 Nov 2006, conn intel wrote:
[ diagram url from other post is: http://img87.imageshack.us/img87/6231/ipseccz7.jpg
> I am using IPSEC KLIPS 2.6 with NAT support on Gateway B and Host C, Client
> A is the normal host behind the Gateway B.. I am using type=transport in the
> ipsec.conf files for both the Gateway B and Host C.
Why type=transport? For regular vpn tunnels you should use type=tunnel.
> In the intial stage the tunnel is not getting up from Gateway B to HOST C,
> thus not able to ping from A to C.
>
> But I can successfully ping from Host C to Client A and then trying again
> getting successfull ping response from Client A to Host C which is not there
> before.
I am not sure I understand you. Are you trying to do dynamic tunnels that come
up and down on demand? Or are you bringing up your tunnels and then you can't
communicate in one directin, but once you communicate from the other end, it
starts working?
> If I want to use transport mode where i can use that either on GATEWAY B or
> on HOST C or on both ?
You can build IPsec connections between any two hosts you want, provided they
can reach each other (and aren't being firewalled on the IPsec protocol
and/or ports)
Paul
More information about the Users
mailing list