[Openswan Users] Fwd: Tunnel working "one way only"
Antonio Ávila
elessarvrp at gmail.com
Mon Apr 2 13:25:42 EDT 2007
Hi all, I'm a newbie in IPsec issues, and I'm hung up with a problem. I
was able to configure the tunnel, but the tunnel is only working one way.
Let me show you the net topology and the configuration files:
Network:
10.1.2.0/24-------192.168.2.2====TUNNEL====192.168.2.1---------192.168.1.0/24
The left box is an Ubuntu Linux with kernel 2.6.17 with NETKEY, Openswan
version 2.4.7; the left box is an OpenWrt device with kernel 2.6.19 and
KLIPS 2.4.7. The two machines are connected directly to each other.
I have a virtual interface in the left box with IP 10.1.2.3.
#################################
#IFCONFIG #
########
eth1 Link encap:Ethernet HWaddr 00:16:17:C7:E4:EC
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask: 255.255.255.0
inet6 addr: fe80::216:17ff:fec7:e4ec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25332 errors:0 dropped:0 overruns:0 frame:0
TX packets:359042 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3824929 (3.6 MiB) TX bytes:55525791 (52.9 MiB)
Interrupt:177
eth1:1 Link encap:Ethernet HWaddr 00:16:17:C7:E4:EC
inet addr:10.1.2.3 Bcast:10.1.2.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:177
###################################
The RIGHT box has the following config
eth0.1 Link encap:Ethernet HWaddr 00:30:AB:28:38:9E
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7485 errors:0 dropped:0 overruns:0 frame:0
TX packets:2627 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:5
RX bytes:2701698 (2.5 MiB) TX bytes:1032886 (1008.6 KiB)
br-lan Link encap:Ethernet HWaddr 00:30:AB:28:38:9F
inet addr: 192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 ( 0.0 B) TX bytes:0 (0.0 B)
The machine connected to the br-lan of the right box has the ip 192.168.1.2.
In the right and the left machine iptables are empty and their policies are
ACCEPT by default. In the Right box I have ip_forward activated.
----------------------------------------------------------------------------
Ok, that's the network configuration. Now I want to show you the
ipsec.conf and the ipsec.secrets config files:
LEFT BOX:
#ipsec.conf
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
conn tunnconn
type=tunnel
left=192.168.2.2
leftnexthop=192.168.2.1
right=192.168.2.1
rightnexthop=192.168.2.2
leftsubnet= 10.1.2.0/24
rightsubnet=192.168.1.0/24
esp=3des-md5-96
authby=secret
auto=start
##############
# ipsec.secrets
192.168.2.2 192.168.2.1: PSK "test"
###################
The configuration in the left box is the same as this, but now left* is
right* and vice versa.
###########
Ok, well, so with this scenario working, having a look at /var/log/auth.log I
can see how the tunnel is established between the two boxes: the first phase
is successful and the second is successful too. And once established I made
the first test, pinging from 10.1.2.3 to 192.168.1.1
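As an added illustration (not part of the post or of Openswan), a small Python checker for a mirrored left/right Openswan configuration like the one above: it parses the conn, derives the peer's mirrored conn, and classifies a test flow against the leftsubnet/rightsubnet policy, flagging tests whose endpoints are addresses owned by a gateway itself, since traffic a gateway generates on its own behalf may be sourced from its outer address rather than the subnet address and then does not match the tunnel policy. The conf text and the gateway address set are constructed from the post's ipsec.conf and ifconfig output.

```python
from ipaddress import ip_address, ip_network
# Constructed copy of the conn from the left box's ipsec.conf in the post, indentation restored.
LEFT_CONF = """\
conn tunnconn
    type=tunnel
    left=192.168.2.2
    leftnexthop=192.168.2.1
    right=192.168.2.1
    rightnexthop=192.168.2.2
    leftsubnet= 10.1.2.0/24
    rightsubnet=192.168.1.0/24
    esp=3des-md5-96
    authby=secret
    auto=start
"""
GATEWAY_ADDRS = {"192.168.2.2", "10.1.2.3", "192.168.2.1", "192.168.1.1"}  # from the post's ifconfig
def parse_ipsec_conf(text):
    """Parse ipsec.conf into {section: {key: value}} ('conn X' -> 'X', 'config setup' -> 'setup')."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():              # unindented line = section header
            current = sections.setdefault(line.split(None, 1)[1].strip(), {})
        elif current is not None:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()   # tolerates 'leftsubnet= 10.1.2.0/24'
    return sections

def mirror(conn):
    """The conn as the peer writes it: every left* key becomes right* and vice versa."""
    def swap(k):
        return "right" + k[4:] if k.startswith("left") else ("left" + k[5:] if k.startswith("right") else k)
    return {swap(k): v for k, v in conn.items()}

def check_flow(conn, src, dst, gateway_addrs=GATEWAY_ADDRS):
    """Classify a src->dst test against the subnet policy and flag tests that involve a gateway."""
    s, d = ip_address(src), ip_address(dst)
    lsub, rsub = ip_network(conn["leftsubnet"]), ip_network(conn["rightsubnet"])
    if s in lsub and d in rsub:
        verdict = "left->right"
    elif s in rsub and d in lsub:
        verdict = "right->left"
    else:
        return "no policy"                     # such a flow is never sent through the tunnel
    owned = [a for a in (src, dst) if a in gateway_addrs]
    if owned:
        # Traffic a gateway generates itself may be sourced from its outer address, not the subnet one.
        return f"{verdict}, but {', '.join(owned)} belong to a gateway: test from hosts behind them"
    return verdict
```

Running check_flow on the post's own test (10.1.2.3 to 192.168.1.1) reports that both endpoints are gateway-owned addresses, whereas a test between 10.1.2.x and 192.168.1.2 exercises the policy as written.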