[Openswan Users] ipsec with zywall : can't ping
Issany Reza
issanyr at gmail.com
Thu Nov 20 06:27:46 EST 2008
Hello,
I'm trying to configure IPsec with a ZyWALL 2 Plus router.
I have successfully connected the ZyWALL to my Openswan box (Debian + Openswan).
I'm using NETKEY. The server is a server that only has the public interface. I have created a new one:
192.168.2.1/24 ---- public ip of openswanbox --------- BOX ------------------ public ip of zywall --- 192.168.10.0/24
000 #4: "techvar":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27737s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #4: "techvar" esp.531534b@217.128.239.227 esp.fea97a54@88.191.91.113 tun.0@217.128.239.227 tun.0@88.191.91.113 ref=0 refhim=4294901761
000 #1: "techvar":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2330s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
But, from each side, I can't ping anything on the other LAN subnet.
I had this route in the ZyWALL:
Destination 192.168.2.0 / 255.255.255.0, Gateway 192.168.10.1
I can ping the server (192.168.2.1).
If I add this route on the server:
route add -net 192.168.10.0/24 gw 192.168.2.1
I can ping the router (192.168.10.1) but I can't ping any of the PCs connected to the subnet 192.168.10.0/24.
conn techvar
        # local
        left=88.191.91.113
        leftsubnet=192.168.2.0/24
        leftid=88.191.91.113
        # pre-shared key, taken from ipsec.secrets
        authby=secret
        pfs=yes
        auth=esp
        aggrmode=no
        disablearrivalcheck=no
        # phase 2 transform
        esp=3des-md5-96
        # remote
        right=217.128.239.227
        rightsubnet=192.168.10.0/24
        rightid=217.128.239.227
        auto=start
I'm using iptables on the server:
# IPSEC
# ESP and AH are IP protocols 50 and 51 (not TCP ports); IKE is UDP/500
iptables -A INPUT -i eth1 -p esp -j ACCEPT
iptables -A INPUT -i eth1 -p ah -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 500 -j ACCEPT
Any idea how to solve this problem?
--
- reza -
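The two things a NETKEY gateway needs beyond an established SA are netfilter rules that match IPsec by protocol and policy (there is no ipsec0 device to filter on), and an XFRM policy that actually covers the source and destination of the packet being tested. The script below is an added example, not code from the original post or from Openswan. It assumes eth1 is the public interface, the subnets and peer addresses from the post, and opens UDP/4500 (NAT-T) as an extra assumption the post does not mention. The `ip xfrm policy` output it checks is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the original post or from Openswan.
# Assumptions: eth1 is the public interface of the Openswan box, the
# subnets and peers are those in the post, and UDP/4500 (NAT-T) is
# opened as well although the post does not mention NAT.
set -u

PUB_IF=eth1
LOCAL_NET=192.168.2.0/24
REMOTE_NET=192.168.10.0/24

# Print the netfilter rules a NETKEY gateway needs. ESP is IP protocol 50
# and AH is 51 (not TCP ports). After decryption the inner packet is
# re-injected on the same interface, so the policy match module is the
# only way to tell it apart from cleartext arriving on eth1.
ipsec_firewall_rules() {
    cat <<EOF
# IKE and the IPsec protocols themselves (protocol numbers, not TCP ports)
iptables -A INPUT -i $PUB_IF -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $PUB_IF -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $PUB_IF -p esp -j ACCEPT
iptables -A INPUT -i $PUB_IF -p ah -j ACCEPT
# Decrypted traffic from the remote LAN, whether it ends on this box or is forwarded
iptables -A INPUT -i $PUB_IF -m policy --dir in --pol ipsec --proto esp -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT
iptables -A FORWARD -i $PUB_IF -m policy --dir in --pol ipsec --proto esp -s $REMOTE_NET -d $LOCAL_NET -j ACCEPT
iptables -A FORWARD -o $PUB_IF -m policy --dir out --pol ipsec --proto esp -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT
# Tunnel traffic must not be masqueraded, or it no longer matches the XFRM policy
iptables -t nat -I POSTROUTING -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT
EOF
}

# Does the kernel's XFRM policy cover a src/dst pair in a given direction?
# Reads `ip xfrm policy` output on stdin; exit 0 if a matching policy exists.
# usage: ip xfrm policy | xfrm_policy_covers <src ip> <dst ip> <in|out>
xfrm_policy_covers() {
    awk -v S="$1" -v D="$2" -v DIR="$3" '
    function ip2n(ip,  a) { split(ip, a, "."); return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4] }
    # CIDR test without bit operators (portable awk): compare the network parts
    function incidr(ip, cidr,  p, bits, blk) {
        split(cidr, p, "/"); bits = (p[2] == "") ? 32 : p[2] + 0; blk = 2 ^ (32 - bits)
        return int(ip2n(ip) / blk) == int(ip2n(p[1]) / blk)
    }
    $1 == "src" && $3 == "dst" { src = $2; dst = $4; next }
    $1 == "dir" && $2 == DIR && src != "" && incidr(S, src) && incidr(D, dst) { found = 1; exit }
    END { exit found ? 0 : 1 }'
}

# Constructed sample of `ip xfrm policy` for the tunnel in the post
SAMPLE_POLICY='src 192.168.2.0/24 dst 192.168.10.0/24
	dir out priority 2344
	tmpl src 88.191.91.113 dst 217.128.239.227
		proto esp reqid 16385 mode tunnel
src 192.168.10.0/24 dst 192.168.2.0/24
	dir in priority 2344
	tmpl src 217.128.239.227 dst 88.191.91.113
		proto esp reqid 16385 mode tunnel'

# Would an outbound packet from $1 to $2 be selected for the tunnel?
demo_check() {
    printf '%s\n' "$SAMPLE_POLICY" | xfrm_policy_covers "$1" "$2" out
}

ipsec_firewall_rules
for src in 192.168.2.1 88.191.91.113; do
    if demo_check "$src" 192.168.10.20; then
        echo "$src -> 192.168.10.20: covered by an outbound IPsec policy"
    else
        echo "$src -> 192.168.10.20: NOT covered, would leave in the clear"
    fi
done
```

The policy check is the point: with NETKEY the XFRM lookup happens after routing, so no extra route for 192.168.10.0/24 is needed, but a packet is only encrypted when both its source and destination fall inside the selectors. A test ping from the gateway itself therefore has to be sourced from leftsubnet (ping -I 192.168.2.1 192.168.10.1); one sourced from the public address is sent in the clear, as the second demo line shows. On a live box, pipe `ip xfrm policy` into `xfrm_policy_covers` and compare `ip xfrm state` packet counters before and after the ping.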