[Openswan Users] OpenSwan Connection Problems
Bradish, Simon
simon.bradish at accuris-networks.com
Wed Feb 28 06:02:19 EST 2007
Hi Dale
Thanks for your reply, I temporarily stopped iptables to test if this was the problem but alas no luck.
Simon
-----Original Message-----
From: Dale Taylor [mailto:dale at bluehall.net]
Sent: 28 February 2007 10:35
To: Bradish, Simon; users at openswan.org
Subject: RE: [Openswan Users] OpenSwan Connection Problems
Sounds like your iptables are not configured correctly, check to make sure
there is a rule in to allow the other network to connect.
Dale
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Bradish, Simon
Sent: 28 February 2007 10:03
To: users at openswan.org
Subject: [Openswan Users] OpenSwan Connection Problems
Hi
Very very new to OpenSwan and IPSec so please forgive any newbie errors.
I have some problems with the following setup...
10.2.2.0/24 >---< 10.2.2.1 :OpenSwan GW #1: External IP Address NATed to
10.248.1.193 >---->>>
(Left)
INTERNET
(Right)
<<<----< External IP Address NATed to 10.30.1.217 :OpenSwan Gw #2:
10.248.49.246 >---< 10.248.49.0/24
Right config file as follows:
nat_traversal=yes
conn test
# Remote Machine
left=OpenSwan GW #2 External IP Address
leftid=@fmcgw
# Remote subnet we are to access
leftsubnet=10.2.2.0/24
# Remote machines key
leftrsasigkey=
# This machine
right=10.30.1.217
rightid=@six
# Subnet we wish the far side to access
rightsubnet=10.248.49.0/24
# This machines key
rightrsasigkey=
auto=add
Left config file as follows:
nat_traversal=yes
conn test
# This Machine
left=10.248.1.193
leftid=@fmcgw
# Subnet we wish the far side to access
leftsubnet=10.2.2.0/24
# This machines key
leftrsasigkey=
# Remote machine
right= OpenSwan GW #1 External IP Address
rightid=@six
# Remote subnet we are to access
rightsubnet=10.248.49.0/24
# Remote machines key
rightrsasigkey=
auto=add
I bring up the conn and all connects well, NATs are detected.
However nothing will go down the IPSec connection.
Strange thing is if I change the config files such that the left subnet is
10.248.1.0/24 I can then ping 10.248.49.X from 10.2.2.X
I cannot however ping back the other way.
Any ideas / problems ...?
Help much appreciated.
Simon
________________________________________________________________
Simon Bradish
Software Engineer
Accuris Networks Ltd.
O'Connell Bridge House, D'Olier St., Dublin 2
Ph: +353-1-881-8761, Fax: +353-1-881-8701
http://www.accuris-networks.com/
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list