[Openswan Users] IPsec SA established but it can't connect

Alfonso Viso alfonso.viso at selftrade.com
Thu Sep 18 04:24:28 EDT 2008


Hello all,

I was trying to establish a roadwarrior XP connection to an Openswan server (Fedora Core 4).
The layout is:

roadwarrior xp (192.168.1.14)---(192.168.1.1)Router(public_ip)---------
                                                                       |
      (10.105.240.x/22)OpensWanServer(public_ip)-----Router(public_ip)--
The IPsec tunnel is up, but I can't connect to a web server that is inside the company's LAN.

Here the configuration file:

SERVER
ipsec.conf

version 2.0

config setup
	interfaces=%defaultroute
	nat_traversal=yes
	forwardcontrol=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
	keyingtries=0
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert
	
conn roadwarrior-net
	leftsubnet=10.105.240.0/22
	also=roadwarrior
	
conn roadwarrior
	type=tunnel
	left=<public_ip_serveropenswan>
	leftcert=<name_of_cert>
	right=%any
	rightsubnet=vhost:%no,%priv
	auto=add
	pfs=yes

#Disable Opportunistic Encryption

conn block
	auto=ignore

conn private
	auto=ignore
	
conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore

ipsec.secrets 
# X.509 Certs
: RSA <file.key> "password"

CLIENT XP
ipsec.conf

conn roadwarrior
	left=%any
	right=81.93.214.114
	rightca="................................."
	network=auto
	auto=start
	pfs=yes
conn roadwarrior-net
	left=%any
	right=10.105.241.253
	rightsubnet=10.105.240.0/22
	rightca="................................."
	network=auto
	auto=start
	pfs=yes

When I look at the log, it shows that the tunnel is established:
Sep 18 10:17:30 esmadlx02vpn pluto[6186]: "roadwarrior"[2] 195.5.94.158 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x3061814e <0xa143c95f xfrm=3DES_0-HMAC_MD5 NATD=<public_ip_client>:21655 DPD=none}

Can somebody help me?

Thanks
Regards

Alfonso Viso Puerta
IT Department
Self Trade Bank by Boursorama
Tel:  +34 91 789 40 46

