[Openswan Users] We can NOT ping from the firewall, But can ping from LAN Pcs.
Indunil Jayasooriya
indunil75 at gmail.com
Tue Dec 9 01:28:56 EST 2008
On Mon, Dec 8, 2008 at 5:15 PM, Ruben Laban <r.laban at ism.nl> wrote:
> On Monday 08 December 2008 at 11:47 (CET), Indunil Jayasooriya wrote:
>> Hi All,
>>
>> I am running OpenSwan on Centos 5x. It works fine. All the PCs behind
>> LAN can ping all the destinations @ the remote sites.
>> Firewall where OpenSwan running can NOT ping all the destinations @
>> the remote sites.
>>
>> Could you pls let me know why?
>
> In your openswan connection definitions you need to use
> left/rightsource=internal.ip.of.firewall, so that the firewall communicates
> to the remote end using an ip that's within your left/rightsubnet definition.

Thanks for your reply. Pls see below ipsec.conf file
where left=1.2.3.4 and right=5.6.7.8 are real ips of both sides.

left=1.2.3.4 - This is OUR end
right=5.6.7.8 - This is REMOTE end

# basic configuration
config setup
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes

conn tunnelipsec1
        type=tunnel
        left=1.2.3.4
        leftsubnet=192.168.1.0/24
        right=5.6.7.8
        rightsubnet=196.4.49.0/24
        esp=3des
        authby=secret
        keyexchange=ike
        pfs=no
        auto=start

Connection is established, but we can NOT ping from the firewall.
Still seeking your help.
--
Thank you
Indunil Jayasooriya
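
The selector check behind the reply's advice, as an added example that is not part of the original thread: a simplified model of which packets fall inside the leftsubnet/rightsubnet policy of the posted conn, with and without Openswan's leftsourceip option. The addresses 192.168.1.1 (firewall LAN IP), 192.168.1.10 (LAN PC) and 196.4.49.10 (remote host) are assumed sample values.

```python
import ipaddress

# Selector-relevant keys copied from the conn posted above.
POSTED = """
left=1.2.3.4
leftsubnet=192.168.1.0/24
right=5.6.7.8
rightsubnet=196.4.49.0/24
"""

def parse_conn(text):
    """Parse key=value lines of one ipsec.conf conn section into a dict."""
    conn = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and indentation
        if "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def matches_tunnel(conn, src, dst):
    """True if a packet src -> dst is covered by the tunnel's subnet selector."""
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    return ipaddress.ip_address(src) in left and ipaddress.ip_address(dst) in right

def gateway_source(conn):
    """Model assumption: without leftsourceip the gateway's own traffic
    leaves with its public address (left) as the source."""
    return conn.get("leftsourceip", conn["left"])

def gateway_reaches_remote(conn, dst):
    """True if traffic originated on the gateway itself enters the tunnel."""
    return matches_tunnel(conn, gateway_source(conn), dst)

POSTED_CONN = parse_conn(POSTED)
# Assumed firewall LAN address; it must lie inside leftsubnet to match.
FIXED_CONN = dict(POSTED_CONN, leftsourceip="192.168.1.1")

if __name__ == "__main__":
    remote = "196.4.49.10"  # constructed remote host
    print("LAN PC      :", matches_tunnel(POSTED_CONN, "192.168.1.10", remote))
    print("gateway     :", gateway_reaches_remote(POSTED_CONN, remote))
    print("gateway+src :", gateway_reaches_remote(FIXED_CONN, remote))
```

Traffic that misses the selector is not protected by the tunnel, which is why the LAN hosts succeed while the gateway's own pings do not.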