[Openswan Users] OpenSwan Connection Problems

Dale Taylor dale at bluehall.net
Wed Feb 28 05:34:47 EST 2007 

Sounds like your iptables are not configured correctly, check to make sure
there is a rule in to allow the other network to connect.

Dale

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Bradish, Simon
Sent: 28 February 2007 10:03
To: users at openswan.org
Subject: [Openswan Users] OpenSwan Connection Problems

Hi

Very very new to OpenSwan and IPSec so please forgive any newbie errors.
I have some problems with the following setup...

10.2.2.0/24 >---< 10.2.2.1 :OpenSwan GW #1: External IP Address NATed to
10.248.1.193 >---->>>

(Left)

INTERNET

(Right)

<<<----< External IP Address NATed to 10.30.1.217 :OpenSwan Gw #2:
10.248.49.246 >---< 10.248.49.0/24

Right config file as follows:

nat_traversal=yes

conn test
        # Remote Machine
        left=OpenSwan GW #2 External IP Address
        leftid=@fmcgw
        # Remote subnet we are to access
        leftsubnet=10.2.2.0/24
        # Remote machines key
	  leftrsasigkey=
        # This machine
        right=10.30.1.217
        rightid=@six
        # Subnet we wish the far side to access
        rightsubnet=10.248.49.0/24
        # This machines key
        rightrsasigkey=
        auto=add

Left config file as follows:

nat_traversal=yes

conn test
        # This Machine
        left=10.248.1.193
        leftid=@fmcgw
        # Subnet we wish the far side to access
        leftsubnet=10.2.2.0/24
        # This machines key
	  leftrsasigkey=
        # Remote machine
        right= OpenSwan GW #1 External IP Address
        rightid=@six
        # Remote subnet we are to access
        rightsubnet=10.248.49.0/24
        # Remote machines key
        rightrsasigkey=
        auto=add

I bring up the conn and all connects well, NATs are detected.
However nothing will go down the IPSec connection.

Strange thing is if I change the config files such that the left subnet is
10.248.1.0/24 I can then ping 10.248.49.X from 10.2.2.X
I cannot however ping back the other way.

Any ideas / problems ...?

Help much appreciated.
Simon
________________________________________________________________
Simon Bradish
Software Engineer
Accuris Networks Ltd.
O'Connell Bridge House, D'Olier St., Dublin 2
Ph: +353-1-881-8761, Fax: +353-1-881-8701
http://www.accuris-networks.com/
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list