[Openswan Users] problem to network no ping net-to-net

Paul Wouters paul at xelerance.com
Mon Oct 19 11:36:06 EDT 2009


On Mon, 19 Oct 2009, Walter Willis wrote:

> # ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.15/K2.6.18-8.el5 (netkey)

>             Linux Openswan Uopenswan-2.4.9-31.el4/K2.6.18-128.1.6.el5 (netkey)

Check with route -n if you have a bogus route to the remote IP? If so, you should
grab the _updown script from an openswan 2.6.x (I posted it to the list a few days
ago for someone else too).

Paul

> 2.4.9? Upgrade to 2.4.15.
>
>       correctly assumes that the connection established, but the pings from the subnet to another subnet: ping reaches the other side, the machine responds the ping, but ping does not reach the other machine did not even see on the iptraf it arrives.
>
>       up the connection and I get this:
>       # ipsec auto --up conexion
>
>       104 "conexion" #12: STATE_MAIN_I1: initiate
>       003 "conexion" #12: received Vendor ID payload [Openswan (this version) 2.4.15  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
>       003 "conexion" #12: received Vendor ID payload [Dead Peer Detection]
>       106 "conexion" #12: STATE_MAIN_I2: sent MI2, expecting MR2
>       108 "conexion" #12: STATE_MAIN_I3: sent MI3, expecting MR3
>       004 "conexion" #12: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
>       117 "conexion" #13: STATE_QUICK_I1: initiate
>       004 "conexion" #13: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe18c4562 <0x88a77768 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000c07b <0x0000a194 NATD=none DPD=none}
> 
> 
> Likely related to firewalling/natting. Check with "ipsec verify".
> 
> Paul