[Openswan Users] We can NOT ping from the firewall, But can ping from LAN Pcs.
Ruben Laban
r.laban at ism.nl
Tue Dec 9 02:53:25 EST 2008
On Tuesday 09 December 2008 at 07:28 (CET), Indunil Jayasooriya wrote:
> > In your openswan connection definitions you need to use
> > left/rightsource=internal.ip.of.firewall, so that the firewall
> > communicates to the remote end using an ip that's within your
> > left/rightsubnet definition.
>
> Thanks for your reply. Pls see below ipsec.conf file
>
> where left=1.2.3.4 and right=5.6.7.8 are real ips of both sides.
> left=1.2.3.4 - This is OUR end
> right=5.6.7.8 - This is REMOTE end
>
> # basic configuration
> config setup
>     interfaces=%defaultroute
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=all
>     plutodebug=all
>     nat_traversal=yes
>
> conn tunnelipsec1
>     type=tunnel
>     left=1.2.3.4
>     leftsubnet=192.168.1.0/24
>     right=5.6.7.8
>     rightsubnet=196.4.49.0/24
>     esp=3des
>     authby=secret
>     keyexchange=ike
>     pfs=no
>     auto=start

Assuming your end has both 1.2.3.4 and 192.168.1.1, add the following line to
your "conn tunnelipsec1" section:

    leftsourceip=192.168.1.1

Change ip if needed of course.

HTH.

--
Regards,
Ruben
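
Added example, not part of the original message: a small Python check that reads ipsec.conf-style text and reports conns whose local side has a protected subnet but no source IP inside it, which is the condition this thread describes. The sample text is constructed from the conn quoted above; `parse_conns`, `check_sourceip`, the `tunnelipsec1-fixed` name and the assumption that "left" is the local side are choices made for this example.

```python
import ipaddress

# Constructed sample: the thread's conn, plus a copy with the suggested fix.
SAMPLE = """\
conn tunnelipsec1
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    right=5.6.7.8
    rightsubnet=196.4.49.0/24

conn tunnelipsec1-fixed
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftsourceip=192.168.1.1
    right=5.6.7.8
    rightsubnet=196.4.49.0/24
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            words = line.split()
            named = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if named else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_sourceip(conns, local="left"):
    """Return [(conn, reason)] where the gateway's own traffic misses the tunnel."""
    findings = []
    for name, opts in conns.items():
        subnet, src = opts.get(local + "subnet"), opts.get(local + "sourceip")
        if subnet is None:
            continue  # no protected subnet on this side, nothing to compare
        net = ipaddress.ip_network(subnet, strict=False)
        if src is None:
            findings.append((name, f"{local}sourceip not set"))
        elif ipaddress.ip_address(src) not in net:
            findings.append((name, f"{local}sourceip {src} is outside {net}"))
    return findings

if __name__ == "__main__":
    print(check_sourceip(parse_conns(SAMPLE)))
```

A "not set" finding only matters when the gateway itself has to reach the remote subnet; hosts on the LAN already send from an address inside the local subnet.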