[Openswan Users] OpenSwan VPN between public nets
Gianni Socionovo
giannisocionovo at mepsaws.it
Thu Mar 26 05:56:12 EDT 2009
Hello guys,
I am a newbie to Openswan and a support service asked me to create a
VPN connection with them using only public IP addresses.
So I have been trying for several days to establish the following
connection (in a simulated network environment):
left subnet -----------------> left VPN gw ---------------------------------> right VPN gw ------------------> right subnet
88.xxx.yyy.abc/32 ---------> 88.xxx.yyy.rst -------------------------------> 85.ttt.www.npq ------------------> 85.ttt.www.def/32
where
88.xxx.yyy is the same subnet for the VPN gw and the left subnet, and the
same is true for 85.ttt.www.
The left and right subnets have 88.xxx.yyy.rst and 85.ttt.ww.npq as their
own network gateways respectively.
Both VPN gateways, in the simulated network environment, have Openswan
2.49 on Linux kernel 2.6.24-19 and Shorewall 4.0.6 as firewall.
The two subnet hosts have Linux kernel 2.6.24-19 and Shorewall 4.0.6 as
firewall.
I can establish the VPN connection between the gateways, as shown by the
output of:
ipsec auto --status
....
root@rightvpngw:~# #428: "VpnTest":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1256s; newest IPSEC; eroute owner
000 #428: "VpnTest" esp.ee70e6eb@85.ttt.www.npq esp.b66eb69d@88.xxx.yyy.rst tun.0@85.ttt.www.npq tun.0@88.xxx.yyy.rst
000 #426: "VpnTest":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 826s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
root@rightvpngw:~# 000 #428: "VpnTest" esp.ee70e6eb@85.ttt.www.npq esp.b66eb69d@88.xxx.yyy.rst tun.0@85.ttt.www.npq tun.0@88.xxx.yyy.rst
but it seems I cannot reach the two hosts in the subnets.
I checked the firewall and found no reject or drop messages, so I think
it is a routing problem.
Can anyone help me asap?
Thanks in advance and regards.
--
Gianni Socionovo