[Openswan Users] Ping Problem

宋林健 songlinjian at gmail.com
Tue May 27 03:36:14 EDT 2008


Well.I'm a newbie in the area of openswan. I just installed the software
yesterday actually ! It my first time to post letters in this
maillist.Anyway I am willing  do my best to give you some advice, OK?

Firstly I want to confirm the network scenario you discribed. In your
picture, i guess you want to connect two subnets
192.168.100.0/24<http://192.168.100.254/>and
192.168.0.0/24 <http://192.168.100.0/24> through a network in an ipsec
way,right? My question is that which IPsec mode do you use, transport or
tunnel mode? and another question is that : is the NAT configured well in
your gateway to let the packet to go through?

if your IPsec gateways in two sides are using the transport mode with no NAT
functionality, the ping packet can not forward to the destination, because
there is no proper route not only in the gateway but also in the internet.

if your Ipsec gateways are using the transport mode and with right NAT
functionality, the ping program will work without problem, as for NAT
works~~. (now the openswan can go through the NAT)

if your IPsec gateways are using the tunnel mode, the ping program will also
work well, no matter whether the NAT is enabled.Because the ping packets
were encapsulated and sent by the gateways which is connected already.

That is all I know. if there is someting wrong, just point out .I hope you
will make it. Have fun~~!

2008/5/25 <users-request at openswan.org>:

> Message: 2
> Date: Mon, 26 May 2008 09:10:23 +0530
> From: "Chandrakant Solanki" <solanki.chandrakant at gmail.com>
> Subject: [Openswan Users] Ping Problem
> To: users at openswan.org
> Message-ID:
>        <3bf515fb0805252040m3cda2b63lead21639029a4929 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi All,
>
> [left]
> [right]
> 192.168.100.0/24 ====== 219.64.11.125 ------ 219.64.11.1 <=========>
> 123.201.52.1 --------- 123.201.52.225 ====== 192.168.0.0/24
> Ipsec Server IP: 192.168.100.254
> Ipsec Server IP: 192.168.0.254
>
> This is my network scenario, I have setup my ipsec with 4 pc's network..
> and
> implemented IPSec successfully. I am pining only those PC who has local
> gateway 192.168.100.254 or 192.168.0.254 on both side.
>
>
> My question is that ....
>
> Is it necessary to set gateway [192.168.100.254] for all the pc who is
> belongs to 192.168.100.0/24 network or it is not necessary on both side.
>
> Help me out.
>
> --
> Regards,
>
> Chandrakant Solanki
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.openswan.org/pipermail/users/attachments/20080526/2684c74d/attachment.html
>
> -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080527/2a1c0a0a/attachment.html 


More information about the Users mailing list