[Openswan Users] vpn connection

Alfonso Viso alfonso.viso at selftrade.com
Mon Jan 19 11:17:08 EST 2009


Hello Peter,

I am sending you the information:
ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.13/K2.6.17-1.2142_FC4smp (netkey)
Checking for IPsec support in kernel                            [OK]
Testing against enforced SElinux mode                           [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
<net_public>   0.0.0.0         255.255.255.240 U         0 0          0 eth1
10.105.228.0    0.0.0.0         255.255.252.0   U         0 0          0 eth1
10.105.240.0    0.0.0.0         255.255.252.0   U         0 0          0 eth0
10.105.0.0      10.105.240.20   255.255.0.0     UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
172.0.0.0       10.105.240.20   255.0.0.0       UG        0 0          0 eth0
10.0.0.0        10.105.240.20   255.0.0.0       UG        0 0          0 eth0
0.0.0.0        <gateway internet>   0.0.0.0         UG        0 0          0 eth1


iptables -t mangle -L -n -v
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

The iptables rules are OK, but we haven't configured any NAT rules; perhaps that is the problem?
Another thing: I read in an article that if there are many VPNs it's necessary to use KLIPS instead of NETKEY. Is this true?

thanks
Alfonso

-----Original Message-----
From: Peter McGill [mailto:petermcgill at goco.net]
Sent: Monday, January 19, 2009 16:40
To: Alfonso Viso; users at openswan.org
Subject: RE: [Openswan Users] vpn connection


Alfonso,

There are several possible causes here.
Please send the output of the following
commands, to help in troubleshooting.
ipsec verify
netstat -nr
cat ipsec.conf
ipsec status
iptables -t filter -L -n -v
iptables -t nat -L -n -v
iptables -t mangle -L -n -v

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Alfonso Viso
> Sent: January 17, 2009 7:08 AM
> To: users at openswan.org
> Subject: [Openswan Users] vpn connection
> 
> Hi all,
>  
> I can set up Openswan between a Cisco PIX and a Linux server (FC4). I 
> use the NETKEY version and PSK. 
> The remote site can connect to our intranet, and I see that 
> the tunnel is up and the traffic is coming through the 
> tunnel. The problem is when I try to ping the other side: the 
> traffic from the local side doesn't go through the tunnel, I mean the 
> traffic generated by our side, for example. I only see 
> response traffic from our side.
> Could anybody help us?
> Thanks in advance, and sorry for my English.
>  
> regards
> Alfonso
> ________________________________
> 
> 
> This e-mail contains confidential information or information 
> belonging to Boursorama and is intended solely for the 
> addressees. The unauthorised disclosure, use, dissemination 
> or copying (either whole or partial) of this e-mail, or any 
> information it contains, is prohibited. E-mails are 
> susceptible to alteration and their integrity cannot be 
> guaranteed. Boursorama shall not be liable for this e-mail if 
> modified or falsified. If you are not the intended recipient 
> of this e-mail, please delete it immediately from your system 
> and notify the sender of the wrong delivery and the mail deletion. 
> 
> ________________________________
> 
> 




-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec_status.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20090119/1afce57f/attachment-0001.txt 

