[Openswan Users] multiple subnets ?
Indunil Jayasooriya
indunil75 at gmail.com
Thu Jun 26 01:43:33 EDT 2008
> auto=start should cause the same results....
Thanks for it.
>
>> Now, all 4 tunnels are up. But I still cannot ping the 4 subnets on
>> the other side.
>> Could you please explain why?
>
> firewalling? routing? natting? rp_filter?
It is a firewall with a lot of rules. It has 3 network cards. Natting is DONE.
rp_filter is set to 1.
> what does ipsec verify say?
Please see below.
[root at firewall etc]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K2.6.18-8.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
>> I did traceroute as well.
>
> Traceroute is a very bad tool to use in combination with IPsec.
Then, can you recommend a good tool instead?
The ifconfig command shows the USUAL IP addresses. It does NOT show any tunnel?
Could you please explain why I cannot ping their subnets?
What are the areas I will have to look into?
Hope to hear from you ASAP.
--
Thank you
Indunil Jayasooriya
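
The `ipsec verify` output in the message above flags send_redirects and accept_redirects, and the quoted reply asks about rp_filter. The following is an added example (not part of the original post and not Openswan's own code) that lists every interface where those three settings are non-zero; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post: list interfaces where the sysctls named in
# the `ipsec verify` output (plus rp_filter) are non-zero.

# Prints "<iface> <key>=<value>" for each non-zero setting under CONF_ROOT.
# Returns 0 if nothing is flagged, 1 if something is, 2 if CONF_ROOT is missing.
audit_ipsec_sysctls() {
    conf_root=$1
    [ -d "$conf_root" ] || { echo "no such directory: $conf_root" >&2; return 2; }
    flagged=0
    for iface_dir in "$conf_root"/*/; do
        [ -d "$iface_dir" ] || continue      # glob matched nothing
        iface=$(basename "$iface_dir")
        for key in send_redirects accept_redirects rp_filter; do
            file=$iface_dir$key
            [ -r "$file" ] || continue       # key absent for this interface
            value=$(cat "$file")
            if [ "$value" != "0" ]; then
                echo "$iface $key=$value"
                flagged=1
            fi
        done
    done
    return "$flagged"
}

# Builds a constructed sample tree (not real host data) and prints its path.
# all/default/eth0 have every key set to 1; eth1 has every key set to 0.
make_sample_conf() {
    root=$(mktemp -d) || return 1
    for iface in all default eth0 eth1; do
        mkdir -p "$root/$iface"
        for key in send_redirects accept_redirects rp_filter; do
            if [ "$iface" = "eth1" ]; then
                echo 0 > "$root/$iface/$key"
            else
                echo 1 > "$root/$iface/$key"
            fi
        done
    done
    echo "$root"
}

# Audit a real tree when a path is given, e.g. /proc/sys/net/ipv4/conf
if [ -n "${1:-}" ]; then
    audit_ipsec_sysctls "$1"
fi
```

Run it with `/proc/sys/net/ipv4/conf` as the argument to audit the live host; each printed line names one interface and one setting to review.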