[Openswan Users] We can NOT ping from the firewall, But can ping from LAN Pcs.
Peter McGill
petermcgill at goco.net
Tue Dec 9 09:21:12 EST 2008
Ruben Laban wrote:
> On Tuesday 09 December 2008 at 07:28 (CET), Indunil Jayasooriya wrote:
>>> In your openswan connection definitions you need to use
>>> left/rightsource=internal.ip.of.firewall, so that the firewall
>>> communicates to the remote end using an ip thats within your
>>> left/rightsubnet definition.
>> Thanks for your reply. Please see the ipsec.conf file below,
>>
>> where left=1.2.3.4 and right=5.6.7.8 are the real IPs of both sides.
>> left=1.2.3.4 - This is OUR end
>> right=5.6.7.8 - This is REMOTE end
>>
>> # basic configuration
>> config setup
>>     interfaces=%defaultroute
>>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>>     klipsdebug=all
>>     plutodebug=all
>>     nat_traversal=yes
>>
>> conn tunnelipsec1
>>     type=tunnel
>>     left=1.2.3.4
>>     leftsubnet=192.168.1.0/24
>>     right=5.6.7.8
>>     rightsubnet=196.4.49.0/24
>>     esp=3des
>>     authby=secret
>>     keyexchange=ike
>>     pfs=no
>>     auto=start
>
> Assuming your end has both 1.2.3.4 and 192.168.1.1, add the following line to
> your "conn tunnelipsec1" section:
> leftsourceip=192.168.1.1
>
> Change the IP if needed, of course.
Exactly, and for your own good, turn off klipsdebug and plutodebug...
#klipsdebug=none
#plutodebug=none
Peter
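The point Ruben and Peter make can be checked without touching the firewall: only packets whose source falls inside leftsubnet and whose destination falls inside rightsubnet match the tunnel's policy selectors, and the firewall, when it originates traffic itself, uses the address of its default-route interface (1.2.3.4 here) unless leftsourceip says otherwise. The following is an added example, not code from the thread or from Openswan: it parses the conn stanza as posted, models the selector match, and lints the two things discussed in the thread (the firewall's source address and the debug settings). The LAN PC 192.168.1.10 and the remote host 196.4.49.10 are assumed addresses for illustration.

```python
"""Model of how an Openswan conn's subnet selectors decide which packets
enter the tunnel.  Added example; not from the thread or from Openswan.
1.2.3.4, 5.6.7.8, 192.168.1.0/24, 196.4.49.0/24 and 192.168.1.1 are the
addresses quoted in the thread; 192.168.1.10 (a LAN PC) and 196.4.49.10
(a remote host) are assumed for illustration."""
import ipaddress
import re

# The stanzas as posted, with the ">>" quote marks stripped.
POSTED_SETUP = """
config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    nat_traversal=yes
"""

POSTED_CONN = """
conn tunnelipsec1
    type=tunnel
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    right=5.6.7.8
    rightsubnet=196.4.49.0/24
    esp=3des
    authby=secret
    keyexchange=ike
    pfs=no
    auto=start
"""


def parse_section(text):
    """Return the key=value parameters of one ipsec.conf section as a dict.
    Section headers ('conn X', 'config setup') and comments are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^(\w+)=(\S+)$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def firewall_source(conn):
    """Address the firewall uses for traffic it originates towards the
    remote subnet: leftsourceip if set, otherwise the address of the
    interface holding the default route, which is 'left' in this thread."""
    return conn.get("leftsourceip", conn["left"])


def classify(conn, src, dst):
    """'tunnel' if src/dst fall inside leftsubnet/rightsubnet, i.e. the
    packet matches the policy and is protected by the SA; otherwise
    'cleartext': it follows ordinary routing outside the tunnel, is not
    encrypted, and never reaches the remote LAN."""
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    if ipaddress.ip_address(src) in left and ipaddress.ip_address(dst) in right:
        return "tunnel"
    return "cleartext"


def lint(conn, setup):
    """Warnings a practitioner would want cleared before calling it fixed."""
    warnings = []
    left = ipaddress.ip_network(conn["leftsubnet"])
    src = ipaddress.ip_address(firewall_source(conn))
    if src not in left:
        warnings.append(
            f"firewall source {src} is outside leftsubnet {left}; "
            f"set leftsourceip to an address inside {left}")
    for key in ("klipsdebug", "plutodebug"):
        if setup.get(key, "none") != "none":
            warnings.append(
                f"{key}={setup[key]} leaves verbose debug logging on; "
                f"set it to none once the tunnel works")
    return warnings


if __name__ == "__main__":
    setup = parse_section(POSTED_SETUP)
    conn = parse_section(POSTED_CONN)
    print("firewall ping:", classify(conn, firewall_source(conn), "196.4.49.10"))
    print("LAN PC ping:  ", classify(conn, "192.168.1.10", "196.4.49.10"))
    for w in lint(conn, setup):
        print("WARN:", w)
    fixed = dict(conn, leftsourceip="192.168.1.1")
    print("after fix:    ", classify(fixed, firewall_source(fixed), "196.4.49.10"))
```

With the stanza as posted, the firewall's own ping (source 1.2.3.4) is classified as cleartext while the LAN PC's is tunnelled, which is exactly the symptom in the subject line; adding leftsourceip=192.168.1.1 moves the firewall's traffic inside the selector. Before editing the config, the same thing can be confirmed on the firewall itself with `ping -I 192.168.1.1 196.4.49.10` (the remote address is assumed): forcing a source inside leftsubnet makes the ping succeed even without leftsourceip.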