[Openswan Users] migration from 2.4.9-31.el4 to 2.6.14-1.el5_2.1
Sebastien COUPPEY
sebastien.couppey at zero9.it
Wed Jul 2 06:55:01 EDT 2008
Hello,
I upgraded the Openswan engine from:
openswan-2.4.9-31.el4.rpm to openswan-2.6.14-1.el5_2.1
but now I just have one-way communication for all my tunnels.
Here is a configuration extract:
RIGHT NODE:
conn test-to-wasabi
    authby=secret
    right=212.147.144.3
    rightsubnet=10.44.0.0/24
    rightsourceip=10.44.0.2
    left=151.1.217.100
    leftsubnet=10.0.3.99/32
    leftsourceip=10.0.3.100
    ike=aes256-sha1
    esp=aes256-sha1
    auto=start
LEFT NODE:
conn test-to-wasabi
    authby=secret
    right=212.147.144.3
    rightsubnet=10.44.0.0/24
    left=151.1.217.100
    leftsubnet=10.0.3.99/32
    leftsourceip=10.0.3.100
    ike=aes256-sha1
    esp=aes256-sha1
    auto=start
Tunnel is UP:
RIGHT to LEFT => OK
LEFT to RIGHT => not working.
Here is the now working node verify status:
ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-92.1.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: frw01 [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 100.217.1.151.in-addr.arpa. [MISSING]
The ip_forward is activated.
The added route is:
10.44.0.0/24 dev eth0 scope link src 10.0.3.100
(eth0 is the internet link)
I am surely missing a configuration option, but I am not able to spot the
problem.
Any tips?
Thanks
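A consistency check on the posted conn, added here as an example (it is not from the original post or from Openswan itself): it parses ipsec.conf conn sections and reports any leftsourceip/rightsourceip that lies outside its own side's leftsubnet/rightsubnet, because traffic sourced from such an address does not match the tunnel's traffic selector and so is not handled by the ESP policy. The sample text is the LEFT NODE conn as posted; whether this mismatch is what produces the one-way traffic above is not confirmed here.

```python
import ipaddress
import re

# Constructed sample: the LEFT NODE conn from the post, as it would appear in
# ipsec.conf (option lines inside a conn section must be indented).
LEFT_NODE_CONF = """\
conn test-to-wasabi
    authby=secret
    right=212.147.144.3
    rightsubnet=10.44.0.0/24
    left=151.1.217.100
    leftsubnet=10.0.3.99/32
    leftsourceip=10.0.3.100
    ike=aes256-sha1
    esp=aes256-sha1
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for every 'conn' section in ipsec.conf text."""
    conns, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def sourceip_problems(conn):
    """Flag a *sourceip that is outside its own side's *subnet.

    Packets leaving the host from such an address do not match the tunnel's
    selector, so the kernel does not apply the tunnel's ESP policy to them."""
    problems = []
    for side in ("left", "right"):
        src, net = conn.get(f"{side}sourceip"), conn.get(f"{side}subnet")
        if src and net and ipaddress.ip_address(src) not in ipaddress.ip_network(net, strict=False):
            problems.append(f"{side}sourceip {src} is not inside {side}subnet {net}")
    return problems

if __name__ == "__main__":
    for name, conn in parse_conns(LEFT_NODE_CONF).items():
        for p in sourceip_problems(conn) or ["no sourceip/subnet mismatch"]:
            print(f"{name}: {p}")
```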