[Openswan Users] Link established no data going through

Peter McGill petermcgill at goco.net
Fri Oct 12 10:08:50 EDT 2007


Could be a firewall issue. Is the subnet for that connection in a different private range than the others?
Check your iptables rules to make sure the traffic is accepted.
Do your ping tests match your subnet definitions? The only traffic to traverse the tunnel is what matches the subnets.
Additional info would be helpful...
Ie)
iptables -t filter -L -v -n
iptables -t nat -L -v -n
iptables -t mangle -L -v -n
iptables -t raw -L -v -n
ipsec version
The relevant sections of your ipsec.conf:
The global parts (ie. config setup, conn %default, include .../no_oe.conf)
And any conn sections relevant to the connection.
Restart openswan (ipsec restart), do your ping tests, then use the following to get the logs:
egrep -h -e 'Oct 12 09.*pluto' /var/log/*
Change the date and time to match your restart and test.

Peter McGill
 

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Martin Erasmus
> Sent: October 12, 2007 6:15 AM
> To: users at openswan.org
> Subject: [Openswan Users] Link established no data going through
> 
> Hi All
> 
> I was running fc2 on all my servers, 5 systems, 4 external servers linking
> to the main server at head office. I have a hard drive crash on my main
> server, I have now had to install fc7.
> 
> The 4 external servers are running fc2 with U2.1.5/K2.6.8-1.521smp...
> The main Server is running fc7 with U2.4.7/K2.6.21-1.3194.fc7
> 
> 
> 3 of the external servers link and work no problem the last one seems to
> link but no data travels through the link
> 
> when I start the link I get the following
> 
> ipsec_setup: Starting Openswan IPsec U2.1.5/K2.6.8-1.521smp...
> 104 "besho-besntl" #1: STATE_MAIN_I1: initiate
> 003 "besho-besntl" #1: ignoring Vendor ID payload [4f455a7e4261425d...]
> 003 "besho-besntl" #1: ignoring Vendor ID payload [Dead Peer Detection]
> 106 "besho-besntl" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "besho-besntl" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "besho-besntl" #1: STATE_MAIN_I4: ISAKMP SA established
> 112 "besho-besntl" #2: STATE_QUICK_I1: initiate
> 004 "besho-besntl" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x2f9d6b26 <0xed6cf187 IPCOMP=>0x00003e3e <0x00009a08}
> 
> but nothing travels through no ping nothing from both sides
> 
> any Ideas
> 
> Thanks
> Martin
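
Added example, not part of either message and not Openswan code: the reply's point that only traffic matching the connection's subnets traverses the tunnel, written as a check of a ping's source and destination against leftsubnet/rightsubnet. The conn name is from the thread; every address is constructed, and conn %default inheritance and include files are not handled.

```python
import ipaddress

# Constructed sample: the conn name is from the thread, every address is made up.
SAMPLE_CONF = """\
conn %default
    keyingtries=0

conn besho-besntl
    left=203.0.113.10
    leftsubnet=192.168.1.0/24   # head office LAN (assumed)
    right=198.51.100.20
    rightsubnet=192.168.5.0/24  # branch LAN (assumed)
    auto=start
"""

def parse_conn(conf_text, name):
    """Return the key=value options of one conn section as a dict."""
    opts, in_conn = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header starts in column 0
            in_conn = line.split() == ["conn", name]
        elif in_conn and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def selector(opts, side):
    """Network protected on one side; with no subnet option it is the host itself.
    Assumes left/right are literal IP addresses, not %defaultroute or hostnames."""
    value = opts.get(side + "subnet") or opts[side] + "/32"
    return ipaddress.ip_network(value, strict=False)

def check_ping(opts, src, dst):
    """Return (matches, reason) for a ping from src to dst against the conn's subnets."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    left, right = selector(opts, "left"), selector(opts, "right")
    if (s in left and d in right) or (s in right and d in left):
        return True, "matches %s <-> %s" % (left, right)
    outside = [str(a) for a in (s, d) if a not in left and a not in right]
    if outside:
        return False, "outside both subnets: " + ", ".join(outside)
    return False, "both addresses are on the same side"

if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONF, "besho-besntl")
    for src, dst in [("192.168.1.50", "192.168.5.7"),    # LAN host to LAN host
                     ("203.0.113.10", "192.168.5.7")]:   # gateway's public address as source
        print(src, "->", dst, check_ping(conn, src, dst))
```

A ping run on the gateway itself typically leaves with the gateway's public address as its source, so it fails this check unless a LAN-side source address is forced (ping -I).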


