[Openswan Users] Link established no data going through

Martin Erasmus martin at onyx.co.za
Fri Oct 12 11:02:26 EDT 2007


> Could be a firewall issue, is the subnet for that connection in a
> different private range than the others?

Yes, all the locations have their own subnets.

> Check your iptables rules to make sure the traffic is accepted.
> Do your ping tests match your subnet definitions, the only traffic to
> traverse the tunnel is what matches the subnets.

It was working till I had to reinstall to fc7. All the systems have the
same firewall configuration; it is only the local subnet that is different.

> Additional info would be helpful...
> Ie)
> iptables -t filter -L -v -n
> iptables -t nat -L -v -n
> iptables -t mangle -L -v -n
> iptables -t raw -L -v -n

See attached log files

> ipsec version

fc2 with U2.1.5/K2.6.8-1.521smp

> The relevant sections of your ipsec.conf:
> The global parts (ie. config setup, conn %default, include .../no_oe.conf)
> And any conn sections relevant to the connection.

conn besho-besntl
 type=tunnel
 left=besho.gotdns.org
 leftsubnet=192.168.0.0/24
 leftnexthop=165.165.128.1
 right=%defaultroute
 rightsubnet=192.168.4.0/24
 rightnexthop=
 rightid=@besntl
 auto=add
 authby=secret|rsasig
 leftrsasigkey=

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


> Restart openswan (ipsec restart), do your ping tests, then use the
> following to get the logs:
> egrep -h -e 'Oct 12 09.*pluto' /var/log/*
> Change the date and time to match your restart and test.

This did not give me a result

>
> Peter McGill
>
>
>> -----Original Message-----
>> From: users-bounces at openswan.org
>> [mailto:users-bounces at openswan.org] On Behalf Of Martin Erasmus
>> Sent: October 12, 2007 6:15 AM
>> To: users at openswan.org
>> Subject: [Openswan Users] Link established no data going through
>>
>> Hi All
>>
>> I was running fc2 on all my servers, 5 systems, 4 external servers linking
>> to the main server at head office. I had a hard drive crash on my main
>> server, I have now had to install fc7.
>>
>> The 4 external servers are running fc2 with U2.1.5/K2.6.8-1.521smp...
>> The main Server is running fc7 with U2.4.7/K2.6.21-1.3194.fc7
>>
>>
>> 3 of the external servers link and work no problem; the last one seems to
>> link but no data travels through the link
>>
>> when I start the link I get the following
>>
>> ipsec_setup: Starting Openswan IPsec U2.1.5/K2.6.8-1.521smp...
>> 104 "besho-besntl" #1: STATE_MAIN_I1: initiate
>> 003 "besho-besntl" #1: ignoring Vendor ID payload [4f455a7e4261425d...]
>> 003 "besho-besntl" #1: ignoring Vendor ID payload [Dead Peer Detection]
>> 106 "besho-besntl" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> 108 "besho-besntl" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>> 004 "besho-besntl" #1: STATE_MAIN_I4: ISAKMP SA established
>> 112 "besho-besntl" #2: STATE_QUICK_I1: initiate
>> 004 "besho-besntl" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x2f9d6b26 <0xed6cf187 IPCOMP=>0x00003e3e <0x00009a08}
>>
>> but nothing travels through no ping nothing from both sides
>>
>> any Ideas
>>
>> Thanks
>> Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log1
Type: application/octet-stream
Size: 6518 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20071012/5b8f9b53/attachment-0004.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log2
Type: application/octet-stream
Size: 439 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20071012/5b8f9b53/attachment-0005.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log3
Type: application/octet-stream
Size: 728 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20071012/5b8f9b53/attachment-0006.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log4
Type: application/octet-stream
Size: 278 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20071012/5b8f9b53/attachment-0007.obj 
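
The reply's point that only traffic matching the subnet definitions traverses the tunnel can be checked offline before reading firewall counters. The following is an added example, not part of the original thread: it parses the `leftsubnet`/`rightsubnet` pair from the posted conn section and classifies ping tests; the helper names and the test addresses are assumptions constructed for illustration.

```python
import ipaddress

# conn section as posted in the thread (only the keys this check needs)
CONN_TEXT = """
conn besho-besntl
 type=tunnel
 left=besho.gotdns.org
 leftsubnet=192.168.0.0/24
 right=%defaultroute
 rightsubnet=192.168.4.0/24
"""

def parse_conn(text):
    """Return {key: value} for the first conn section (hypothetical helper)."""
    conn = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            conn["name"] = line.split(None, 1)[1]
        elif "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def tunnel_covers(conn, src, dst):
    """True if a src->dst packet matches the subnet pair in either direction."""
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in left and d in right) or (s in right and d in left)

def check_tests(conn, tests):
    """Map each (src, dst) ping test to 'tunnel' or 'not in tunnel'."""
    return {t: "tunnel" if tunnel_covers(conn, *t) else "not in tunnel"
            for t in tests}

# Constructed ping tests; addresses are illustrative, not taken from the thread
PING_TESTS = [
    ("192.168.4.10", "192.168.0.1"),   # LAN host to LAN host
    ("192.168.0.1", "192.168.4.10"),   # same pair, reverse direction
    ("203.0.113.5", "192.168.0.1"),    # sourced from a gateway's public address
    ("192.168.1.10", "192.168.0.1"),   # host in a subnet the conn does not list
]

if __name__ == "__main__":
    for pair, verdict in check_tests(parse_conn(CONN_TEXT), PING_TESTS).items():
        print(pair, "->", verdict)
```

A ping run on a gateway without a source address on the protected LAN is the third case: the SA is up, but the packet does not match the subnet pair and never enters the tunnel.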

