[Openswan Users] VPN working only one direction
Kevin Kizer
kkizer at lgdpc.com
Fri May 15 16:52:31 EDT 2009
The remote VPN device is a Netgear FVS318 so I can't do a verify....
Here are the verify results on the main office side as well as the error when trying to ping the remote site's internal interface.
PING 192.168.101.199 (192.168.101.199) from 192.168.100.1 eth1: 56(84) bytes of data.
From 216.180.14.110 icmp_seq=0 Destination Net Unreachable
From 216.180.14.110 icmp_seq=8 Destination Net Unreachable
From 216.180.14.110 icmp_seq=9 Destination Net Unreachable
--- 192.168.101.199 ping statistics ---
16 packets transmitted, 0 received, +3 errors, 100% packet loss, time 14999ms
, pipe 2
[root@mail etc]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.14/K2.6.18-93.cc4 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Friday, May 15, 2009 3:41 PM
To: Kevin Kizer
Cc: users at openswan.org
Subject: Re: [Openswan Users] VPN working only one direction
On Fri, 15 May 2009, Kevin Kizer wrote:
> I am new to the world of Openswan so please bear with me,
>
> I have semi-successfully set up a network-to-network IPsec VPN; the
> connection is up and the remote site can access the LAN at the main
> office. The problem is the main office cannot connect to the remote site's
> LAN.
check both sides with ipsec verify
ensure IPsec destined packets are not NAT'ed
ensure ip forwarding
if ipsec gw is not the default gw, add a route.
Paul
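
The checks discussed in this thread (the two [FAILED] redirect tests, IP forwarding, and NAT applied to tunnel traffic) can be scripted as below; this is an added example, not part of the original messages and not Openswan code. PROC_ROOT, the function names, the /24 masks and the sample rules are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Openswan tooling. PROC_ROOT, the function names and the
# /24 masks are assumptions; the page only shows 192.168.100.1 and 192.168.101.199.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"
LOCAL_NET="192.168.100.0/24"
REMOTE_NET="192.168.101.0/24"

# List every per-interface redirect knob that is not 0 (the two [FAILED] checks).
redirects_enabled() {
    for f in "$PROC_ROOT"/net/ipv4/conf/*/send_redirects \
             "$PROC_ROOT"/net/ipv4/conf/*/accept_redirects; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "0" ] || echo "${f#$PROC_ROOT/}"
    done
}

# Succeed only when the gateway forwards packets between interfaces.
forwarding_on() {
    [ "$(cat "$PROC_ROOT/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]
}

# Read iptables-save output on stdin and print POSTROUTING MASQUERADE/SNAT
# rules that would rewrite traffic bound for remote subnet $1. Heuristic: a
# rule is safe if it negates "-d $1" or an earlier ACCEPT/RETURN exempts it.
nat_rules_hitting_tunnel() {
    awk -v r="$1" '
        /^-A POSTROUTING/ {
            neg = index($0, "! -d " r) || index($0, "-d ! " r)
            if (index($0, "-d " r) && !neg && /-j (ACCEPT|RETURN)/) exempt = 1
            else if (/-j (MASQUERADE|SNAT)/ && !exempt && !neg) print
        }'
}

# Constructed rule sets: "weak" NATs everything, "fixed" exempts the tunnel first.
sample_rules() {
    if [ "$1" = fixed ]; then
        echo "-A POSTROUTING -s $LOCAL_NET -d $REMOTE_NET -j ACCEPT"
    fi
    echo "-A POSTROUTING -o eth0 -j MASQUERADE"
}

redirects_enabled | sed 's/^/redirect knob still enabled: /'
forwarding_on || echo "ip_forward is off"
sample_rules weak | nat_rules_hitting_tunnel "$REMOTE_NET" | sed 's/^/NATs tunnel traffic: /'
```

On a live gateway, feed the NAT check real rules with `iptables-save -t nat | nat_rules_hitting_tunnel 192.168.101.0/24`, substituting the actual remote subnet.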