[Openswan Users] Tunnel initiates to Sonicwall but cannot reach anything inside network

Paul Wouters paul at xelerance.com
Tue Feb 16 10:32:05 EST 2010


On Mon, 15 Feb 2010, Michael Leonetti wrote:

> conn sonicwall
>         left=(leftip)
>         leftsubnet=10.1.1.0/24
>         leftid=(leftid)
>         right=(rightip)
>         rightsubnet=10.10.12.0/24
>         rightid=(rightid)
>         keyingtries=0
>         pfs=no
>         aggrmode=yes
>         auto=add
>         auth=esp
>         esp=3des-sha1
>         ike=3des-sha1
>         authby=secret
>         xauth=no
>         keyexchange=ike

> fortissimo linux # ipsec auto --up sonicwall
> 003 "sonicwall" #5: multiple transforms were set in aggressive mode. Only first one used.
> 003 "sonicwall" #5: transform (5,2,2,0) ignored.

This log does not match the config above? It claims you have multiple ike= proposals,
instead of just one?

> When I try to reach anything in the network:
> 
> fortissimo linux # ping 10.10.12.199
> PING 10.10.12.199 (10.10.12.199) 56(84) bytes of data.
> From 130.81.12.202 icmp_seq=6 Destination Net Unreachable

If this is on the server itself, you need to add a leftsourceip= or
use ping -I to ensure packets match your subnet (and not your public ip)

> fortissimo linux # ping 10.10.12.1
> PING 10.10.12.1 (10.10.12.1) 56(84) bytes of data.
> 64 bytes from 10.10.12.1: icmp_seq=1 ttl=243 time=21.1 ms

If the remote server is doing NAT and IPsec, you need to exclude NATing
IPsec packets.

If the remote server is not the default gateway of 10.10.12.199, you might
need to add some routing to those machines.

Paul
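
As an added example (not part of the thread above, nor Openswan's own tooling), the following Python script checks a conn block and an iptables-save dump for the three pitfalls Paul raises: several ike= or esp= proposals under aggrmode=yes (only the first is used, as the log shows), a missing leftsourceip= so that traffic originating on the gateway leaves with the public address and never matches the tunnel, and a nat POSTROUTING chain that masquerades packets before excluding those an IPsec policy applies to. The addresses, the two-proposal ike= line and the iptables output are constructed samples; the exclusion rule uses the standard xt_policy match (`-m policy --dir out --pol ipsec -j ACCEPT`).

```python
"""Audit an Openswan ipsec.conf conn block and an iptables-save dump for the
pitfalls discussed in the thread. All inputs below are constructed samples,
not the poster's real configuration."""

import re

# Constructed ipsec.conf fragment: the ike= line deliberately carries two
# proposals so the aggressive-mode warning from the log is reproducible.
SAMPLE_IPSEC_CONF = """\
conn sonicwall
        left=192.0.2.10
        leftsubnet=10.1.1.0/24
        right=198.51.100.20
        rightsubnet=10.10.12.0/24
        keyingtries=0
        pfs=no
        aggrmode=yes
        auto=add
        esp=3des-sha1
        ike=3des-sha1,aes128-sha1
        authby=secret
"""

# Constructed iptables-save output: a plain MASQUERADE with no IPsec exclusion.
SAMPLE_IPTABLES_NAT = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

# Same chain with the exclusion rule placed before the MASQUERADE rule.
SAMPLE_IPTABLES_NAT_FIXED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r'^conn\s+(\S+)\s*$', line)
        if m:
            current = m.group(1)
            conns[current] = {}
            continue
        # conn parameters are indented key=value lines
        if current is not None and '=' in line and line[0].isspace():
            key, val = line.strip().split('=', 1)
            conns[current][key.strip()] = val.strip()
    return conns


def audit_conn(conn):
    """Return a list of human-readable findings for one conn dict."""
    findings = []
    if conn.get('aggrmode') == 'yes':
        for key in ('ike', 'esp'):
            if ',' in conn.get(key, ''):
                findings.append(
                    f"{key}= lists several proposals but aggrmode=yes "
                    "only uses the first one")
    if 'leftsubnet' in conn and 'leftsourceip' not in conn:
        findings.append(
            "no leftsourceip=; packets originating on the gateway use its "
            "public IP and miss the tunnel (set leftsourceip= or use ping -I)")
    return findings


def nat_excludes_ipsec(iptables_save):
    """True if nat POSTROUTING accepts IPsec-policy traffic before any
    MASQUERADE/SNAT rule, or applies no source NAT at all."""
    in_nat = False
    for line in iptables_save.splitlines():
        if line.startswith('*'):
            in_nat = (line == '*nat')
            continue
        if not in_nat or not line.startswith('-A POSTROUTING'):
            continue
        if '--pol ipsec' in line and '-j ACCEPT' in line:
            return True                       # exclusion seen first
        if '-j MASQUERADE' in line or '-j SNAT' in line:
            return False                      # NAT hits tunnel traffic first
    return True


def run_report(conf_text, iptables_text):
    """Combine both checks into one dict keyed by conn name plus 'nat_ok'."""
    report = {name: audit_conn(c) for name, c in parse_conns(conf_text).items()}
    report['nat_ok'] = nat_excludes_ipsec(iptables_text)
    return report


if __name__ == '__main__':
    for name, value in run_report(SAMPLE_IPSEC_CONF, SAMPLE_IPTABLES_NAT).items():
        print(name, value)
```

Run it against your own `/etc/ipsec.conf` and `iptables-save` output instead of the samples; the routing point (the remote host's default gateway) is outside what a local file check can see and still has to be verified on the far side.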
