[Openswan Users] Tunnel Up But Not Passing Traffic Openswan to Fortigate VPN Firewall
rorosz at gmail.com
Tue Dec 1 12:00:49 EST 2009
I'm still in the process of troubleshooting this issue but wanted to throw
this out there in case anyone's ever run into a similar issue and solved it.
I have an established IPSec tunnel between a Linux box running Openswan
U2.4.12 on 2.6.26 to a Fortigate FG1000A VPN firewall. The tunnel appears
to be up but it does not pass traffic. I can send a ping from the Openswan
side to the Fortigate local network and I see the ESP packets leaving the
Linux box on the outside interface but they either don't reach the Fortigate
box or they reach it and don't get decrypted. If a ping is sent from the
Fortigate box, I see ESP packets entering the outside interface on the Linux
box but they don't appear to get decrypted either. There is no NAT or
firewall involved on either end.
I've tried disabling/enabling compression. With compress=yes, the tunnel
does not come up. I've tried disabling PFS on both sides. This makes no
difference. Here is the Openswan config:
Has anyone run into a similar issue before and if so, any idea how to work
around it? Or, if someone has a working connection between Openswan and a
Fortigate FG1000A, I'd love to know the details. ;-)
I don't currently have access to the Fortigate but can provide details from
it if needed. Basically, the proposals appear to match as the tunnel is
established. Also, I have debugging running for Openswan but am unsure of
what to look for.
Thanks a ton!
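One check worth running on the Linux side while the debugging is on, as an added example that is not from this post: compare the ESP SPIs tcpdump sees on the outside interface with the SAs the kernel actually holds. It assumes the NETKEY stack (so `ip xfrm state` lists the SAs; a KLIPS build would need its own SA listing) and uses constructed sample output; an inbound SPI with no matching SA is one way ESP can arrive yet never be decrypted.

```shell
# Added diagnostic helper, not code from the original post. Assumes NETKEY
# (`ip xfrm state`) and tcpdump's default ESP line format.
# Live use:  spi_check <local-ip> "$(ip xfrm state)" "$(tcpdump -nn -c 20 esp)"

# Print one "dir:spi" per installed ESP SA; an SA whose dst is our address is inbound.
xfrm_spis() {   # $1 = local outside IP; stdin = `ip xfrm state`
  awk -v me="$1" '
    /^src / { dst = $4 }
    /proto esp/ { for (i = 1; i <= NF; i++) if ($i == "spi") spi = tolower($(i+1))
                  print (dst == me ? "in" : "out") ":" spi }'
}

# Print one "dir:spi" per distinct ESP SPI seen on the wire.
# tcpdump line: "<time> IP <src> > <dst>: ESP(spi=0x...,seq=0x...), length N"
wire_spis() {   # $1 = local outside IP; stdin = tcpdump -nn output
  awk -v me="$1" '
    /ESP\(spi=/ { dst = $5; sub(/:$/, "", dst)
                  match($0, /spi=0x[0-9a-fA-F]+/)
                  spi = tolower(substr($0, RSTART + 4, RLENGTH - 4))
                  print (dst == me ? "in" : "out") ":" spi }' | sort -u
}

# Compare the lists. Returns 0 if every wire SPI has an SA, 1 if any is missing,
# 2 if no ESP was seen at all (then the problem is before decryption).
spi_check() {   # $1 = local IP, $2 = `ip xfrm state` text, $3 = tcpdump text
  local known wire pair missing=0
  known=$(printf '%s\n' "$2" | xfrm_spis "$1")
  wire=$(printf '%s\n' "$3" | wire_spis "$1")
  [ -n "$wire" ] || { echo "no ESP seen on the wire"; return 2; }
  for pair in $wire; do
    if printf '%s\n' "$known" | grep -qxF "$pair"; then
      echo "ok: $pair matches an installed SA"
    else
      echo "MISSING: $pair has no kernel SA, packets are silently dropped"
      missing=1
    fi
  done
  return $missing
}

# Constructed sample: the peer sends SPI 0xdeadbeef, but the only inbound SA is 0x0000c0de.
SAMPLE_XFRM='src 198.51.100.1 dst 192.0.2.1
    proto esp spi 0x0000c0de reqid 16385 mode tunnel
src 192.0.2.1 dst 198.51.100.1
    proto esp spi 0x0000ab1e reqid 16385 mode tunnel'
SAMPLE_WIRE='12:00:01.000000 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x0000ab1e,seq=0x1), length 116
12:00:01.500000 IP 198.51.100.1 > 192.0.2.1: ESP(spi=0xdeadbeef,seq=0x1), length 116'
spi_check 192.0.2.1 "$SAMPLE_XFRM" "$SAMPLE_WIRE" || echo "exit status $? (1 = SPI mismatch)"
```

A MISSING inbound SPI usually means the two ends disagree on which SA is current (stale SA after a rekey, or an SA that was never installed), which is the point to look at in the Openswan debug output.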