[Openswan Users] upgrade openswan on CC 4.3 box
Kevin Kizer
kkizer at lgdpc.com
Tue May 19 15:57:35 EDT 2009
Sven and Nick,
Unfortunately I am in the same situation as you; I was able to compile
2.4.14 and get the IPSEC tunnel to establish and even get the remote
site connected and traffic flowing. But I cannot get any traffic from
the main office to the remote. (I.E. I can ping from remote but not from
main).
I think it has something to do with NAT, I am still looking for a
solution.
If I come up with anything I will post here......
Kevin Kizer
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Sven J. van Rooij
Sent: Tuesday, May 19, 2009 2:39 PM
To: Nick Howitt
Cc: users at openswan.org
Subject: Re: [Openswan Users] upgrade openswan on CC 4.3 box
Nick,
Thanks for the quick response.
So I did do the upgrade and same issue...
I get my tunnels up, but now no traffic seems to go across the tunnel.
Pings time out.
And the ipsec verify gives me this
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.6.18-93.cc4 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
cat: ipsec.*.conf: No such file or directory
Opportunistic Encryption Support                                [DISABLED]
Cannot execute command "which iptables": No such file or directory
cat: ipsec.*.conf: No such file or directory
Even though I have disabled the send and accept redirects....
Any ideas??
Sven
From: Nick Howitt [mailto:n1ck.h0w1tt at googlemail.com]
Sent: Tuesday, May 19, 2009 10:51 AM
To: Sven J. van Rooij
Cc: users at openswan.org
Subject: Re: [Openswan Users] upgrade openswan on CC 4.3 box
Sven,
The instructions in this
<http://forums.clarkconnect.com/showthreaded.php?Cat=0&Number=103109&page=0&vc=1>
thread in the CC forums work fine for Openswan-2.4.14. I
could not make it work with 2.6.18 or 2.6.21. 2.6.18 may compile but
won't run. 2.6.21 will not compile.
I have Openswan working fine as a VPN gateway/router. I just cannot get
the file server to work properly through the VPN, nor can I get pings to
and from the gateway to work reliably through the tunnel. LAN-LAN traffic
through the gateway is OK.
I was going to wait until CC5 (Openswan-2.6.14) is released before
troubleshooting this any further.
Nick
Sven J. van Rooij wrote:
Can anyone direct me towards a good set of instructions on how to upgrade
openswan on a clark connect box?
Regardless which version (besides the original) I choose, I end up with
a tunnel, but no traffic on it.
PLEASE HELP!
Thanks,
Sven
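
The `ipsec verify` output quoted above names the glob `/proc/sys/net/ipv4/conf/*/send_redirects` (and `accept_redirects`), so every interface directory is in scope, not only `all`. As an added example (not part of the thread and not Openswan code), this script lists which entries are still non-zero and clears them; the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# ROOT defaults to the directory named in the `ipsec verify` message.

# Print each send_redirects/accept_redirects entry under ROOT that is not 0.
# Returns 0 when all are disabled, 1 when at least one is still enabled.
list_enabled_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    found=0
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable entry
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "$f=$val"
            found=1
        fi
    done
    return "$found"
}

# Write 0 to every entry (root needed on a live system). This covers
# "default" too, which is the template for interfaces created later.
disable_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        if [ -w "$f" ]; then echo 0 > "$f"; fi
    done
}

# Constructed tree for a dry run: only "all" is set to 0. This is an assumed
# state; the thread does not say which entries were changed.
make_sample_tree() {
    d=$(mktemp -d)
    for i in all default eth0 lo; do
        mkdir -p "$d/$i"
        echo 1 > "$d/$i/send_redirects"
        echo 1 > "$d/$i/accept_redirects"
    done
    echo 0 > "$d/all/send_redirects"
    echo 0 > "$d/all/accept_redirects"
    echo "$d"
}
```

On a live gateway, call both functions without an argument as root. Values written under /proc are lost at reboot, so the same keys (for example `net.ipv4.conf.all.send_redirects = 0`) also belong in /etc/sysctl.conf.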