[Openswan Users] Interop with Linksys: SA established, but no traffic coming through

Michael Tinsay tinsami1 at yahoo.com
Wed Dec 5 02:29:44 EST 2007



----- Original Message ----
> From: Paul Wouters <paul at xelerance.com>
> To: Michael Tinsay <tinsami1 at yahoo.com>
> Cc: users at openswan.org
> Sent: Wednesday, December 5, 2007 1:47:12 PM
> Subject: Re: [Openswan Users] Interop with Linksys: SA established, but no traffic coming through
> 
> On Tue, 4 Dec 2007, Michael Tinsay wrote:
> 
> > Pinging a servers behind the Linksys router gives me 'TTL exceed' errors, which
> 
> Do a traceroute. It's most likely a routing loop.

Traceroute is showing the packets are not being sent to my VPN router, but to my other router.  Does this mean it is not being sent through the tunnel?


> > ppp0      Link encap:Point-to-Point Protocol
> >           inet addr:122.52.36.27  P-t-P:10.64.64.64  Mask:255.255.255.255
> > 
> wow. If you can switch ISPs, now would be a good time to do so. Their
> network is ugly.
> 
> Try:
> 
> route del default
> route add -host 10.64.64.64 ppp0
> route add default gw 10.64.64.64
> ipsec setup restart
> 
> also, check with 'ipsec verify' to see if there are any other issues.

Here:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.6.22-14-generic (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]



> if all of that doesn't help, post a link to your "ipsec barf" output to
> the list for us to have a look at.

Ok.  I'll post it in a little while.

Also, I tried putting the servers' subnet (222.222.222.0/24) into /etc/ipsec.d/policies/private to check if that will force tunneling.  Sadly, it did not change anything.

> 
> Paul

Regards.


Mike T.
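
The two [FAILED] checks in the 'ipsec verify' output above ask for send_redirects and accept_redirects to be disabled under /proc/sys/net/ipv4/conf. One way to do that and confirm the result, as an added example that is not part of the original message (the function names and the CONF_ROOT override are hypothetical):

```shell
#!/bin/sh
# Added example: clear the ICMP redirect settings that 'ipsec verify' flags.
# CONF_ROOT is an assumption of this example; it lets the functions be
# pointed at a scratch directory instead of the live /proc tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "<iface> <setting>" for every redirect setting that is not 0.
list_enabled_redirects() {
    root="${1:-$CONF_ROOT}"
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        if [ "$(cat "$f")" != "0" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "$iface $(basename "$f")"
        fi
    done
}

# Write 0 to every redirect setting, including the "all" and "default"
# entries ("default" is what interfaces created later, such as a ppp
# link, start with). Returns non-zero if anything is still enabled.
disable_redirects() {
    root="${1:-$CONF_ROOT}"
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -w "$f" ] || continue
        echo 0 > "$f"
    done
    [ -z "$(list_enabled_redirects "$root")" ]
}
```

Run disable_redirects as root before 'ipsec setup restart'; the values are lost on reboot unless the matching net.ipv4.conf.*.send_redirects and accept_redirects keys are also set in /etc/sysctl.conf.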





