[Openswan Users] problem to network no ping net-to-net

Paul Wouters paul at xelerance.com
Mon Oct 19 11:04:46 EDT 2009


On Mon, 19 Oct 2009, Walter Willis wrote:

> To: users at openswan.org
> Subject: [Openswan Users] problem to network no ping net-to-net
> 
> Linux Openswan Uopenswan-2.4.9-31.el4/K2.6.18-128.1.6.el5 (netkey)

2.4.9? Upgrade to 2.4.15.

> correctly assumes that the connection established, but the pings from the subnet to another subnet: ping reaches the other side, the machine responds to the ping, but ping does
> not reach the other machine did not even see on the iptraf it arrives.
> 
> up the connection and I get this:
> # ipsec auto --up conexion
> 
> 104 "conexion" #12: STATE_MAIN_I1: initiate
> 003 "conexion" #12: received Vendor ID payload [Openswan (this version) 2.4.15  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> 003 "conexion" #12: received Vendor ID payload [Dead Peer Detection]
> 106 "conexion" #12: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "conexion" #12: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "conexion" #12: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> 117 "conexion" #13: STATE_QUICK_I1: initiate
> 004 "conexion" #13: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe18c4562 <0x88a77768 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000c07b <0x0000a194 NATD=none DPD=none}

Likely related to firewalling/natting. Check with "ipsec verify".

Paul


