[Openswan Users] one way tunnel

Peter McGill petermcgill at goco.net
Thu Jun 21 09:03:25 EDT 2007


> -----Original Message-----
> Date: Wed, 20 Jun 2007 09:37:54 -0700
> From: Bruce Ferrell <bferrell at baywinds.org>
> Subject: [Openswan Users] one way tunnel
> To: users at openswan.org
> 
> I'm new to openswan and I've been digging through the available 
> documentation for the last week for a problem that is making me nuts.
> 
> I'm trying to do a subnet-subnet tunnel and can ping from the
> right subnet to the left subnet, but I can't ping from the left
> to the right. Is there something wrong in the config below?
> 
> Thanks in advance
> 
> conn NYCPOP
>          auth=esp
>          authby=secret
>          auto=start
>          esp=3des-sha1
>          ike=3des-sha1
>          keyexchange=ike
>          keyingtries=0
>          left=66.92.17.98
>          leftid=@bruce
>          leftsubnet=192.0.2.0/24
>          pfs=no
>          right=64.74.247.1
>          rightid=@0006B138EF44
>          rightsubnet=192.168.10.0/24
>          type=tunnel

Are you sure your leftsubnet is 192.0.2.0/24? 192.168.2.0/24 makes more sense.

Otherwise it looks fine; tunnels work both ways, so I would guess you likely
have a firewall problem dropping the packets.
Make sure you have firewall rules in iptables to allow the
private traffic from the other site.

Do you have openswan on both sides or just one side?
If one which side and what is on the other side?

Are you pinging from a host on the subnet or from the ipsec router?
If from the router, add leftsourceip=192.0.2.? (router LAN IP) and
rightsourceip=192.168.10.? (other router LAN IP).

ipsec --version should tell you if you're using klips or netkey (native
IPsec in the kernel). You need to know this because the firewall rules
differ depending on which.

Be sure to add FORWARD and possibly INPUT rules for -s 192.0.2.0/24 (or 192.168.2.0/24).

Peter
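
Added example (not from this thread, and not Openswan's own code): a POSIX
shell script that reads the kernel IPsec stack out of the "ipsec --version"
banner and prints the iptables rules that admit the other site's private
traffic, for either klips or netkey, using the subnets from the posted
conn NYCPOP. The public interface name eth0, the IKE/NAT-T port rules and
the constructed fallback banner are assumptions; the script only prints
the rules, so review them and pipe the output into sh to apply.

```shell
#!/bin/sh
# Added example: firewall rules for an Openswan subnet-to-subnet tunnel,
# chosen by IPsec stack. Subnets are the ones from the posted conn NYCPOP.

LOCAL_NET=192.0.2.0/24        # leftsubnet from the posted config
REMOTE_NET=192.168.10.0/24    # rightsubnet from the posted config
PUB_IF=eth0                   # assumed public interface that carries ESP

# Pick the stack out of a banner such as
# "Linux Openswan U2.4.9/K2.6.22 (netkey)". Prints "netkey" or "klips".
ipsec_stack() {
    case "$1" in
        *netkey*|*NETKEY*) echo netkey ;;
        *klips*|*KLIPS*)   echo klips ;;
        *) echo unknown; return 1 ;;
    esac
}

# Print the iptables commands for the given stack. Pipe into sh to apply.
fw_rules() {
    stack=$1
    # Both stacks: let IKE (500), NAT-T (4500) and ESP itself in on the public side.
    echo "iptables -A INPUT -i $PUB_IF -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $PUB_IF -p udp --dport 4500 -j ACCEPT"
    echo "iptables -A INPUT -i $PUB_IF -p esp -j ACCEPT"
    case "$stack" in
        klips)
            # klips: decrypted packets surface on the virtual ipsec0 device,
            # so match on that interface.
            echo "iptables -A INPUT   -i ipsec0 -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT"
            echo "iptables -A FORWARD -i ipsec0 -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT"
            echo "iptables -A FORWARD -o ipsec0 -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT"
            ;;
        netkey)
            # netkey: there is no ipsec0; the decrypted packet re-enters on the
            # public interface, so use the policy match to pick out tunnel traffic.
            echo "iptables -A INPUT   -m policy --dir in  --pol ipsec -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT"
            echo "iptables -A FORWARD -m policy --dir in  --pol ipsec -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT"
            echo "iptables -A FORWARD -m policy --dir out --pol ipsec -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT"
            ;;
        *)
            echo "unknown stack: $stack" >&2
            return 1
            ;;
    esac
}

# Use the real banner when Openswan is installed, otherwise a constructed
# sample banner so the script still runs offline.
if command -v ipsec >/dev/null 2>&1; then
    BANNER=$(ipsec --version 2>/dev/null | head -n 1)
else
    BANNER='Linux Openswan U2.4.9/K2.6.22 (netkey)'   # constructed sample
fi
STACK=$(ipsec_stack "$BANNER") || STACK=netkey
fw_rules "$STACK"     # review, then: fw_rules "$STACK" | sh
```

The point of the split is that "-i ipsec0" rules silently match nothing on
a netkey box, and "-m policy" rules match nothing on a klips box, so a rule
set copied from a howto for the other stack leaves the decrypted packets
to fall through to a default DROP in FORWARD, which looks exactly like a
one-way tunnel.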