[Openswan Users] Packets not passing through Tunnel
Khan, Hammad Aslam
raohammad at gmail.com
Wed Mar 12 02:11:11 EDT 2008
I have already enabled IP forwarding.
My setup is like this:
my private       my gateway                           <<public>> remote gw (cisco vpn 3000)   remote private
10.5.125.105 === 10.5.125.100(eth1) (eth0)58.58.58.58  >>*><*<<  202.202.202.202 ?.?.?.? ==== 10.8.13.113
*My Config file*
config setup
    interfaces="ipsec0=eth0"
    plutodebug="all"
    nat_traversal=yes
conn nattelenor
    type=tunnel
    authby=secret # secret key
    auth=esp
    pfs=no
    keylife=28800
    keyingtries=3
    auto=add
    ike=3des-md5-modp1024
    esp=3des-md5
    left=58.58.58.58 # my external, internet-routable ip address, provided by NAT box
    leftsubnet=10.5.125.105/32
    right=202.202.202.202 # my peer's external, internet-routable ip address
    rightsubnet=10.8.13.113/32
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
*My ipsec verify result*
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K2.6.18-1.2798.fc6 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Regards,
Hammad
On Tue, Mar 11, 2008 at 10:56 PM, Peter McGill <petermcgill at goco.net> wrote:
> Did you add leftsourceip=leftlanip and rightsourceip=rightlanip?
> Without them you can only ping hosts other than the ipsec gateway,
> on the remote lan, and only from hosts on the local lan not the local
> ipsec gateway.
> Show us your ipsec.conf and ipsec verify.
>
> Peter McGill
>
>
> ------------------------------
> *From:* users-bounces at openswan.org [mailto:users-bounces at openswan.org] *On
> Behalf Of *Khan, Hammad Aslam
> *Sent:* March 11, 2008 1:45 PM
> *To:* users at openswan.org
> *Subject:* [Openswan Users] Packets not passing through Tunnel
>
> Hello everyone,
> My tunnel has been successfully established (both ISAKMP and IPSEC are
> UP);
> but when I try to ping/telnet remote end's private network PC I don't get
> any response.
>
> Using *tcpdump -i eth0 *(which is my public interface of GW) it shows that
> GW is querying internet for remote-private-nw using ARP. No ESP packets are
> seen...
>
> I added a route of
> # route add <remote-private-ip> gw <remote-public-ip>
> ...but still, I see the same result?
>
> Please help.
>
> Regards,
> Hammad
>
>
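
Added example, not part of the original thread and not Openswan code: shell functions that reproduce the check behind the two [FAILED] lines in the ipsec verify output above, listing every interface whose send_redirects or accept_redirects is still non-zero and, separately, writing 0 to them. The CONF_ROOT variable and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and clear the two per-interface ICMP redirect settings
# named in the `ipsec verify` output. CONF_ROOT is an assumption of this
# example so the functions can be pointed at a scratch copy of the tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "<iface> <key>=<value>" for each setting that is not 0.
# Returns 0 when every interface has both settings disabled, 1 otherwise.
check_redirects() {
    root="${1:-$CONF_ROOT}"
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            file="$dir$key"
            [ -r "$file" ] || continue
            value=$(cat "$file")
            if [ "$value" != "0" ]; then
                echo "$iface $key=$value"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Write 0 to both settings on every interface (needs root on a live system).
# "all" and "default" are directories in the same tree, so the glob covers them.
disable_redirects() {
    root="${1:-$CONF_ROOT}"
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        for key in send_redirects accept_redirects; do
            [ -w "$dir$key" ] && echo 0 > "$dir$key"
        done
    done
    return 0
}
```

Called with no argument, both functions operate on the live /proc tree; values written there do not survive a reboot.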