[Openswan Users] is my tunnel up? if so, help on why i cant pass traffic please

David McCullough david_mccullough at mcafee.com
Mon Nov 15 18:18:57 EST 2010


Jivin Willie Gillespie lays it down ...
> matt.bazan at comcast.net wrote:
> > Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x53edd6dd <0xde5b40b0 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> > 
> > According to this, if I'm reading it correctly, my tunnel is coming up successfully, correct?  If so, I'm unable to ping the LAN side of either gateway from the remote firewall.  This test should rule out there being any routing issues from servers on the LAN sides.  Any ideas what I could be missing?  It's driving me nuts!  thx-
> 
> Yep, looks like it's coming up correctly.  I would check your 
> firewall/packet filters on either side at this point and make sure they 
> are not dropping the packets.

When pinging from the firewall you need to make sure the packets have
src/dest addresses that match the tunnel.  Usually you need to do something
like:

	ping -I <firewall's LAN address> <other side's LAN address>

Where both supplied addresses match the leftsubnet and rightsubnet as
needed.

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
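
An added example, not part of the original message: a shell check of whether a packet's source/destination pair falls inside the tunnel's leftsubnet/rightsubnet, showing why a ping sourced from the gateway's WAN address does not match the tunnel while one forced to the LAN address with -I does. All subnets and addresses below are constructed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the thread).
LEFTSUBNET="192.168.1.0/24"    # local LAN behind this gateway
RIGHTSUBNET="192.168.2.0/24"   # remote LAN behind the peer
WAN_ADDR="203.0.113.10"        # gateway's public address (default ping source)
LAN_ADDR="192.168.1.1"         # gateway's LAN address (what ping -I selects)
REMOTE_LAN_ADDR="192.168.2.1"  # peer gateway's LAN address

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR block $2.
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Return 0 if a packet $1 -> $2 matches the tunnel selectors:
# source inside leftsubnet AND destination inside rightsubnet.
matches_tunnel() {
    in_subnet "$1" "$LEFTSUBNET" && in_subnet "$2" "$RIGHTSUBNET"
}

check() {
    if matches_tunnel "$1" "$2"; then
        echo "$1 -> $2: matches leftsubnet/rightsubnet, goes through the tunnel"
    else
        echo "$1 -> $2: no match, bypasses the tunnel"
    fi
}

check "$WAN_ADDR" "$REMOTE_LAN_ADDR"   # plain ping from the gateway itself
check "$LAN_ADDR" "$REMOTE_LAN_ADDR"   # ping -I <LAN address>
```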

