[Openswan Users] problem to network no ping net-to-net

Walter Willis walterwn at gmail.com
Mon Oct 19 04:31:56 EDT 2009


Linux Openswan Uopenswan-2.4.9-31.el4/K2.6.18-128.1.6.el5 (netkey)

From one moment to the next, the two ends are connected but cannot ping or
pass data from one end to the other.

My provider is Telefonica.

The connection appears to be established correctly, but with pings from one
subnet to the other subnet: the ping reaches the other side, the machine
responds to the ping, but the ping does not reach the other machine; I do not
even see it arrive in iptraf.

I bring up the connection and I get this:
# ipsec auto --up conexion

104 "conexion" #12: STATE_MAIN_I1: initiate
003 "conexion" #12: received Vendor ID payload [Openswan (this version)
2.4.15  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "conexion" #12: received Vendor ID payload [Dead Peer Detection]
106 "conexion" #12: STATE_MAIN_I2: sent MI2, expecting MR2
108 "conexion" #12: STATE_MAIN_I3: sent MI3, expecting MR3
004 "conexion" #12: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
117 "conexion" #13: STATE_QUICK_I1: initiate
004 "conexion" #13: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xe18c4562 <0x88a77768 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000c07b
<0x0000a194 NATD=none DPD=none}



ipsec.conf :

version 2.0
config setup
        interfaces=%defaultroute
        nat_traversal=yes
        klipsdebug=all
        plutodebug=none

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        ikelifetime=20m
        keylife=60m
        rekey=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert


conn conexion
        keyingtries=1
        type=tunnel
        authby=rsasig
        rekey=yes
        left=200.48.225.2
        leftsubnet=10.10.9.0/16
        leftid=@200.48.225.2
        leftnexthop=200.48.225.1
        leftrsasigkey=0sAQ...
        right=192.0.2.9
        rightsubnet=10.11.1.0/24
        rightid=@192.0.2.9
        rightnexthop=192.0.2.8
        rightrsasigkey=0sAQ...
        auto=add

include /etc/ipsec.d/examples/no_oe.conf

Help me, please.

P.S.: SELinux = disabled
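
Added example, not part of the original post: a small Python parser for the `ipsec auto --up` output quoted above. It re-joins the mail-wrapped lines and extracts the negotiated parameters of each established SA. The function names are illustrative, and the sample is an excerpt of the output from the post.

```python
import re

# Excerpt of the `ipsec auto --up conexion` output from the post, keeping the
# mail client's line wrapping inside the [...] and {...} blocks.
SAMPLE = '''\
104 "conexion" #12: STATE_MAIN_I1: initiate
003 "conexion" #12: received Vendor ID payload [Openswan (this version)
2.4.15  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
004 "conexion" #12: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
117 "conexion" #13: STATE_QUICK_I1: initiate
004 "conexion" #13: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xe18c4562 <0x88a77768 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000c07b
<0x0000a194 NATD=none DPD=none}
'''

# A record starts with a 3-digit status code, the quoted conn name and "#N:".
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')

def unwrap(text):
    """Re-join wrapped lines so that each pluto record is one string."""
    records = []
    for line in text.splitlines():
        if LINE.match(line):
            records.append(line)
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_sas(text):
    """Return {state: {param: value}} for every '... SA established' record."""
    sas = {}
    for rec in unwrap(text):
        msg = LINE.match(rec).group(4)
        m = re.match(r'(STATE_\w+): .*SA established\s*\{(.*)\}', msg)
        if not m:
            continue
        params, key = {}, None
        for tok in m.group(2).split():
            if "=" in tok:
                key, val = tok.split("=", 1)
                params[key] = val
            elif key:  # second SPI, e.g. "<0x..." following "ESP=>0x..."
                params[key] += " " + tok
        sas[m.group(1)] = params
    return sas

if __name__ == "__main__":
    for state, params in parse_sas(SAMPLE).items():
        print(state, params)
```

On this output both STATE_MAIN_I4 and STATE_QUICK_I2 report an established SA, with IPCOMP negotiated and NATD=none, so the negotiation itself completed.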