[Openswan Users] IPSec tunnels OK, but don't work VPN

Tomás Alvarez talvarez at ipservice.cl
Tue Mar 4 12:52:54 EST 2008


I set up a VPN between 2 Fedora Core 5 machines (Kernel 2.6.15-1.2054_FC5smp) using
OpenSwan 2.4.4.

Tunnels are OK!

# service ipsec status
IPsec running  - pluto pid: 23992
pluto pid 23992
3 tunnels up


If I ping from a machine in LAN A to a machine on the remote LAN (B), it works:

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=126 time=53.1 ms
64 bytes from icmp_seq=2 ttl=126 time=49.9 ms


# tcpdump -nli eth0 proto 50

14:37:38.939450 IP XXX.XXX.XX.XX > YYY.YYY.YYY.YYY: ESP(spi=0x3cec758d,seq=0x3), length 132
14:37:38.989187 IP YYY.YYY.YYY.YYY > XXX.XXX.XX.XX: ESP(spi=0x8a87736f,seq=0x3), length 132
14:37:39.940881 IP XXX.XXX.XX.XX > YYY.YYY.YYY.YYY: ESP(spi=0x3cec758d,seq=0x4), length 132
14:37:39.992031 IP YYY.YYY.YYY.YYY > XXX.XXX.XX.XX: ESP(spi=0x8a87736f,seq=0x4), length 132


It seems very OK! But when I try any other protocol, like SSH, it doesn't work
from a machine in LAN A to a remote machine in LAN B.

# ssh


No ESP traffic is seen on eth0. But I see unencrypted and un-NATed
packets on eth0:

# tcpdump -nli eth0 | grep 192.168.

14:44:08.752777 IP > S 1950168007:1950168007(0) win 5840 <mss 1460,sackOK,timestamp 155885933 0,nop,wscale 2>
14:44:11.753190 IP > S 1950168007:1950168007(0) win 5840 <mss 1460,sackOK,timestamp 155886683 0,nop,wscale 2>


In iptables I have the following rule to NAT at eth0:



I do exactly the same on WhiteBox and it works fine. On Fedora Core 4 I have
this problem.


Any idea what causes this problem?



P.S.: sorry for my bad English





