[Openswan Users] Tunnel up but cannot ping the other side

Alfonso Viso alfonso.viso at selftrade.com
Tue Dec 23 11:05:41 EST 2008 

hello Paul,
'ipsec verify' display this:
 ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.13/K2.6.17-1.2142_FC4smp (netkey)
Checking for IPsec support in kernel                            [OK]
Testing against enforced SElinux mode                           [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

the line 'Checking NAT and MASQUERADEing' is ok?.
thanks
regards
Alfonso
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: martes, 23 de diciembre de 2008 16:58
To: Alfonso Viso
Cc: Openswan (E-mail)
Subject: Re: [Openswan Users] Tunnel up but cannot ping the other side


On Tue, 23 Dec 2008, Alfonso Viso wrote:

> i have a problem with pinging the other side of a tunnel. In one side we configure openswan in linux server Fedora 4 Core 2.6.17 , and the version of Openswan U2.4.13/K2.6.17-1.2142_FC4smp (netkey).
> the other side:
> CISCO PIX .

> with this configuration the tunnel comes up but i can't ping to side to the PIX.

run 'ipsec verify', or manually check forwarding, masquarading, nat-t,
firewall rules, sysctl.conf settings.

Paul


___________________________________

Ce message contient des informations confidentielles ou appartenant à
Boursorama et est établi à l'intention exclusive de ses destinataires. Toute
divulgation, utilisation, diffusion ou reproduction (totale ou partielle) de ce
message, ou des informations qu'il contient, doit être préalablement
autorisée. Tout message électronique est susceptible d'altération et son
intégrité ne peut être assurée. Boursorama décline toute responsabilité au
titre de ce message s'il a été modifié ou falsifié. Si vous n'êtes pas
destinataire de ce message, merci de le détruire immédiatement et d'avertir
l'expéditeur de l'erreur de distribution et de la destruction du message.
___________________________________

This e-mail contains confidential information or information belonging to
Boursorama and is intended solely for the addressees. The unauthorised
disclosure, use, dissemination or copying (either whole or partial) of this
e-mail, or any information it contains, is prohibited. E-mails are susceptible
to alteration and their integrity cannot be guaranteed. Boursorama shall not be
liable for this e-mail if modified or falsified. If you are not the intended
recipient of this e-mail, please delete it immediately from your system and
notify the sender of the wrong delivery and the mail deletion.
___________________________________

More information about the Users mailing list