[Openswan Users] problem to network no ping net-to-net
Paul Wouters
paul at xelerance.com
Mon Oct 19 11:36:06 EDT 2009
On Mon, 19 Oct 2009, Walter Willis wrote:
> # ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.15/K2.6.18-8.el5 (netkey)
> Linux Openswan Uopenswan-2.4.9-31.el4/K2.6.18-128.1.6.el5 (netkey)
Check with route -n if you have a bogus route to the remote IP? If so, you should
grab the _updown script from an openswan 2.6.x (I posted it to the list a few days
ago for someone else too).
Paul
> 2.4.9? Upgrade to 2.4.15.
>
> correctly assumes that the connection established, but the pings from the subnet to another subnet: ping reaches the other side, the machine responds to the ping, but ping does not reach the other machine, did not even see on the iptraf it arrives.
>
> up the connection and I get this:
> # ipsec auto --up conexion
>
> 104 "conexion" #12: STATE_MAIN_I1: initiate
> 003 "conexion" #12: received Vendor ID payload [Openswan (this version) 2.4.15 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> 003 "conexion" #12: received Vendor ID payload [Dead Peer Detection]
> 106 "conexion" #12: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "conexion" #12: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "conexion" #12: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> 117 "conexion" #13: STATE_QUICK_I1: initiate
> 004 "conexion" #13: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe18c4562 <0x88a77768 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000c07b <0x0000a194 NATD=none DPD=none}
>
>
> Likely related to firewalling/natting. Check with "ipsec verify".
>
> Paul
>