[Openswan Users] Interoperability between Openswan and Freeswan
Arjun Datta
arjun at greatgulfhomes.com
Tue Jan 29 14:30:20 EST 2008
Hi,
I've managed, it seems, to get OpenSwan 2.4.7 on FC7 to connect to
FreeSwan 1.4. When I restart ipsec on the FreeSwan side it says:
ipsec_setup: 102 "<conn_name>" #1: STATE_MAIN_I1: initiate
ipsec_setup: 104 "<conn_name>" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2, expecting MR2
ipsec_setup: 106 "<conn_name>" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3, expecting MR3
ipsec_setup: 004 "<conn_name>" #1: STATE_MAIN_I4: SA established
ipsec_setup: 110 "<conn_name>" #2: STATE_QUICK_I1: initiate
ipsec_setup: 004 "<conn_name>" #2: STATE_QUICK_I2: SA established
The Openswan side has a 10.249.100.0/24 subnet behind it and the
FreeSwan side has a 10.241.100.0/24 subnet behind it.
However I cannot ping a machine on one subnet from another. I've tried
both directions. The pings just time out.
Since both ends have an external IP as well as an internal IP, I suspect
I need to modify the *nat section in the iptables, but I am loath
to simply twiddle with it blindly. For the Openswan side it looks as
follows:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -d ! 10.0.0.0/255.0.0.0 -o ppp0 -j MASQUERADE
COMMIT
Is there somewhere else I should look as well? Are there additional
option(s) in the ipsec.conf file I need to switch on?
Thanks,
Arjun Datta
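
Added example, not part of the original post: a small Python check of whether the posted POSTROUTING rule would masquerade traffic between the two subnets named above. The host addresses and the ipsec0 interface name are constructed assumptions, and the parser handles only the options that appear in the posted rule.

```python
import ipaddress
import shlex

# The POSTROUTING rule exactly as posted above (iptables-save format).
POSTED_RULE = "-A POSTROUTING -d ! 10.0.0.0/255.0.0.0 -o ppp0 -j MASQUERADE"

def parse_rule(line):
    """Parse the small iptables-save subset used here: -A, -j, -s, -d, -o, '!'."""
    toks = shlex.split(line)
    rule = {"chain": None, "target": None, "matches": []}
    i, negate = 0, False
    while i < len(toks):
        opt = toks[i]
        if opt == "!":                          # newer form: "! -d addr"
            negate, i = True, i + 1
            continue
        if opt in ("-s", "-d", "-o") and toks[i + 1:i + 2] == ["!"]:
            negate, i = True, i + 1             # older form: "-d ! addr"
        if i + 1 >= len(toks):
            raise ValueError("option without value: " + opt)
        value = toks[i + 1]
        if opt == "-A":
            rule["chain"] = value
        elif opt == "-j":
            rule["target"] = value
        elif opt in ("-s", "-d", "-o"):
            rule["matches"].append((opt, negate, value))
        else:
            raise ValueError("unsupported option: " + opt)
        i, negate = i + 2, False
    return rule

def rule_matches(rule, src, dst, out_if):
    """True if a packet with these properties satisfies every match in the rule."""
    packet = {"-s": src, "-d": dst, "-o": out_if}
    for opt, negated, value in rule["matches"]:
        if opt == "-o":
            hit = packet[opt] == value          # exact name only, no '+' wildcard
        else:
            net = ipaddress.ip_network(value, strict=False)
            hit = ipaddress.ip_address(packet[opt]) in net
        if hit == negated:                      # a plain miss, or a negated hit
            return False
    return True

def would_masquerade(src, dst, out_if, line=POSTED_RULE):
    rule = parse_rule(line)
    return rule["target"] == "MASQUERADE" and rule_matches(rule, src, dst, out_if)

if __name__ == "__main__":
    # Constructed hosts inside the two subnets from the post, plus one outside address.
    print(would_masquerade("10.249.100.10", "10.241.100.10", "ppp0"))   # tunnel traffic
    print(would_masquerade("10.249.100.10", "198.51.100.7", "ppp0"))    # Internet traffic
```

The result covers only this one nat rule: it shows which packets the rule rewrites, and says nothing about filter-table rules or routing on either gateway.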