[Openswan Users] can ping from one side of tunnel but not from the other
matt.bazan at comcast.net
Thu Nov 18 20:04:46 EST 2010
ahhh.. I just did an iptables -L listing again and those esp/ah/isakmp lines are not there. Do they only show up when the tunnel is active for some reason?
Also, now when I try to ping from the right hand side (which was working) I'm getting:
'ping: sendmsg: Operation not permitted' say what?!
Is openswan always this tough to get running? thx-
----- "Willie Gillespie" <wgillespie+openswan at es2eng.com> wrote:
> Your packet filter on openswan-right is dropping protocol 50 (ESP)
> packets.
>
> Notice on "ubuntuFW" that you have:
> ACCEPT esp -- anywhere anywhere
> ACCEPT ah -- anywhere anywhere
>
> I don't see that on "ellis"
>
> matt.bazan at comcast.net wrote:
> > here are the relevant details:
> >
> > RIGHT HAND SIDE:
> >
> > openswan-right at ellis:~$ sudo ipsec verify
> > Checking your system to see if IPsec got installed and started
> correctly:
> > Version check and ipsec on-path [OK]
> > Linux Openswan U2.6.23/K2.6.32-24-server (netkey)
> > Checking for IPsec support in kernel [OK]
> > NETKEY detected, testing for disabled ICMP send_redirects
> [FAILED]
> >
> > Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> > or NETKEY will cause the sending of bogus ICMP redirects!
> >
> > NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> > Checking for RSA private key (/etc/ipsec.secrets) [OK]
> > Checking that pluto is running [OK]
> > Pluto listening for IKE on udp 500 [OK]
> > Pluto listening for NAT-T on udp 4500 [OK]
> > Two or more interfaces found, checking IP forwarding [OK]
> > Checking NAT and MASQUERADEing
> > Checking for 'ip' command [OK]
> > Checking for 'iptables' command [OK]
> > Opportunistic Encryption Support
> [DISABLED]
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > openswan-right at ellis:~$ sudo iptables -L
> > Chain INPUT (policy DROP)
> > target prot opt source destination
> > ufw-before-logging-input all -- anywhere anywhere
>
> > ufw-before-input all -- anywhere anywhere
>
> > ufw-after-input all -- anywhere anywhere
> > ufw-after-logging-input all -- anywhere anywhere
>
> > ufw-reject-input all -- anywhere anywhere
>
> > ufw-track-input all -- anywhere anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ufw-before-logging-forward all -- anywhere anywhere
>
> > ufw-before-forward all -- anywhere anywhere
>
> > ufw-after-forward all -- anywhere anywhere
>
> > ufw-after-logging-forward all -- anywhere anywhere
>
> > ufw-reject-forward all -- anywhere anywhere
>
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > ufw-before-logging-output all -- anywhere anywhere
>
> > ufw-before-output all -- anywhere anywhere
>
> > ufw-after-output all -- anywhere anywhere
>
> > ufw-after-logging-output all -- anywhere anywhere
>
> > ufw-reject-output all -- anywhere anywhere
>
> > ufw-track-output all -- anywhere anywhere
>
> >
> > Chain ufw-after-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-input (1 references)
> > target prot opt source destination
> > ufw-skip-to-policy-input udp -- anywhere anywhere
> udp dpt:netbios-ns
> > ufw-skip-to-policy-input udp -- anywhere anywhere
> udp dpt:netbios-dgm
> > ufw-skip-to-policy-input tcp -- anywhere anywhere
> tcp dpt:netbios-ssn
> > ufw-skip-to-policy-input tcp -- anywhere anywhere
> tcp dpt:microsoft-ds
> > ufw-skip-to-policy-input udp -- anywhere anywhere
> udp dpt:bootps
> > ufw-skip-to-policy-input udp -- anywhere anywhere
> udp dpt:bootpc
> > ufw-skip-to-policy-input all -- anywhere anywhere
> ADDRTYPE match dst-type BROADCAST
> >
> > Chain ufw-after-logging-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-logging-input (1 references)
> > target prot opt source destination
> > LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '
> >
> > Chain ufw-after-logging-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-forward (1 references)
> > target prot opt source destination
> > ufw-user-forward all -- anywhere anywhere
>
> >
> > Chain ufw-before-input (1 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > ufw-logging-deny all -- anywhere anywhere
> state INVALID
> > DROP all -- anywhere anywhere state
> INVALID
> > ACCEPT icmp -- anywhere anywhere icmp
> destination-unreachable
> > ACCEPT icmp -- anywhere anywhere icmp
> source-quench
> > ACCEPT icmp -- anywhere anywhere icmp
> time-exceeded
> > ACCEPT icmp -- anywhere anywhere icmp
> parameter-problem
> > ACCEPT icmp -- anywhere anywhere icmp
> echo-request
> > ACCEPT udp -- anywhere anywhere udp
> spt:bootps dpt:bootpc
> > ufw-not-local all -- anywhere anywhere
> > ACCEPT all -- BASE-ADDRESS.MCAST.NET/4 anywhere
> > ACCEPT all -- anywhere BASE-ADDRESS.MCAST.NET/4
> > ufw-user-input all -- anywhere anywhere
> >
> > Chain ufw-before-logging-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-logging-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-logging-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-output (1 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > ufw-user-output all -- anywhere anywhere
> >
> > Chain ufw-logging-allow (0 references)
> > target prot opt source destination
> > LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] '
> >
> > Chain ufw-logging-deny (2 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere state
> INVALID limit: avg 3/min burst 10
> > LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '
> >
> > Chain ufw-not-local (1 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type LOCAL
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type MULTICAST
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type BROADCAST
> > ufw-logging-deny all -- anywhere anywhere
> limit: avg 3/min burst 10
> > DROP all -- anywhere anywhere
> >
> > Chain ufw-reject-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-reject-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-reject-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-skip-to-policy-forward (0 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain ufw-skip-to-policy-input (7 references)
> > target prot opt source destination
> > DROP all -- anywhere anywhere
> >
> > Chain ufw-skip-to-policy-output (0 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain ufw-track-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-track-output (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere state
> NEW
> > ACCEPT udp -- anywhere anywhere state
> NEW
> >
> > Chain ufw-user-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-user-input (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:ssh
> > ACCEPT udp -- anywhere anywhere udp
> dpt:ssh
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:22022
> > ACCEPT udp -- anywhere anywhere udp
> dpt:22022
> > ACCEPT udp -- anywhere anywhere udp
> dpt:isakmp
> > ACCEPT udp -- anywhere anywhere udp
> dpt:4500
> >
> > Chain ufw-user-limit (0 references)
> > target prot opt source destination
> > LOG all -- anywhere anywhere limit:
> avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] '
> > REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
> >
> > Chain ufw-user-limit-accept (0 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain ufw-user-logging-forward (0 references)
> > target prot opt source destination
> >
> > Chain ufw-user-logging-input (0 references)
> > target prot opt source destination
> >
> > Chain ufw-user-logging-output (0 references)
> > target prot opt source destination
> >
> > Chain ufw-user-output (1 references)
> > target prot opt source destination
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > openswan-right at ellis:~$ sudo ufw status
> > Status: active
> >
> > To Action From
> > -- ------ ----
> > 22 ALLOW Anywhere
> > 22022 ALLOW Anywhere
> > 500/udp ALLOW Anywhere
> > 4500/udp ALLOW Anywhere
> >
> >
> ******************************************************************************************************************************
> >
> > LEFT HAND SIDE:
> >
> > openswan-left at ubuntuFW:~$ sudo ipsec verify
> > Checking your system to see if IPsec got installed and started
> correctly:
> > Version check and ipsec on-path [OK]
> > Linux Openswan U2.6.22/K2.6.31-14-server (netkey)
> > Checking for IPsec support in kernel [OK]
> > NETKEY detected, testing for disabled ICMP send_redirects
> [FAILED]
> >
> > Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> > or NETKEY will cause the sending of bogus ICMP redirects!
> >
> > NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> > Checking for RSA private key (/etc/ipsec.secrets) [OK]
> > Checking that pluto is running [OK]
> > Two or more interfaces found, checking IP forwarding [OK]
> > Checking NAT and MASQUERADEing
> > Checking for 'ip' command [OK]
> > Checking for 'iptables' command [OK]
> > Opportunistic Encryption Support
> [DISABLED]
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > openswan-left at ubuntuFW:~$ sudo iptables -L
> > Chain INPUT (policy DROP)
> > target prot opt source destination
> > AS0_ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > AS0_ACCEPT all -- anywhere anywhere
> > AS0_IN_PRE all -- anywhere anywhere mark
> match 0x2000000/0x2000000
> > AS0_ACCEPT tcp -- anywhere
> adsl-XX-XXX-X-XX.dsl.pltn13.pacbell.net state NEW tcp dpt:915
> > AS0_ACCEPT tcp -- anywhere
> adsl-XX-XXX-X-XX.dsl.pltn13.pacbell.net state NEW tcp dpt:914
> > AS0_ACCEPT udp -- anywhere
> adsl-XX-XXX-X-XX.dsl.pltn13.pacbell.net state NEW udp dpt:917
> > AS0_ACCEPT udp -- anywhere
> adsl-XX-XXX-X-XX.dsl.pltn13.pacbell.net state NEW udp dpt:916
> > AS0_WEBACCEPT all -- anywhere anywhere
> state RELATED,ESTABLISHED
> > AS0_WEBACCEPT tcp -- anywhere
> adsl-XX-XXX-X-XX.dsl.pltn13.pacbell.net state NEW tcp dpt:943
> > ufw-before-logging-input all -- anywhere anywhere
>
> > ufw-before-input all -- anywhere anywhere
>
> > ufw-after-input all -- anywhere anywhere
> > ufw-after-logging-input all -- anywhere anywhere
>
> > ufw-reject-input all -- anywhere anywhere
>
> > ufw-track-input all -- anywhere anywhere
> > ACCEPT esp -- anywhere anywhere
> > ACCEPT ah -- anywhere anywhere
> > ACCEPT udp -- anywhere anywhere udp
> dpt:isakmp
> > ACCEPT udp -- anywhere anywhere udp
> dpt:4500
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > AS0_ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > AS0_IN_PRE all -- anywhere anywhere mark
> match 0x2000000/0x2000000
> > AS0_OUT_S2C all -- anywhere anywhere
> > ufw-before-logging-forward all -- anywhere anywhere
>
> > ufw-before-forward all -- anywhere anywhere
>
> > ufw-after-forward all -- anywhere anywhere
>
> > ufw-after-logging-forward all -- anywhere anywhere
>
> > ufw-reject-forward all -- anywhere anywhere
>
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > AS0_OUT_LOCAL all -- anywhere anywhere
> > ufw-before-logging-output all -- anywhere anywhere
>
> > ufw-before-output all -- anywhere anywhere
>
> > ufw-after-output all -- anywhere anywhere
>
> > ufw-after-logging-output all -- anywhere anywhere
>
> > ufw-reject-output all -- anywhere anywhere
>
> > ufw-track-output all -- anywhere anywhere
>
> >
> > Chain AS0_ACCEPT (7 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain AS0_IN (7 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere 5.5.0.1
> > ACCEPT all -- anywhere 5.5.12.1
> > ACCEPT all -- anywhere 5.5.4.1
> > ACCEPT all -- anywhere 5.5.8.1
> > ACCEPT all -- anywhere 192.168.0.0/16
> > ACCEPT all -- anywhere 10.0.0.0/8
> > ACCEPT all -- anywhere 172.16.0.0/12
> > AS0_IN_POST all -- anywhere anywhere
> >
> > Chain AS0_IN_POST (1 references)
> > target prot opt source destination
> > AS0_OUT all -- anywhere anywhere
> > DROP all -- anywhere anywhere
> >
> > Chain AS0_IN_PRE (2 references)
> > target prot opt source destination
> > AS0_IN all -- anywhere 5.5.4.0/22
> > AS0_IN all -- anywhere 5.5.0.0/22
> > AS0_IN all -- anywhere 5.5.12.0/22
> > AS0_IN all -- anywhere 5.5.8.0/22
> > AS0_IN all -- anywhere 172.16.0.0/12
> > AS0_IN all -- anywhere 192.168.0.0/16
> > AS0_IN all -- anywhere 10.0.0.0/8
> > ACCEPT all -- anywhere anywhere
> >
> > Chain AS0_OUT (2 references)
> > target prot opt source destination
> > DROP all -- anywhere anywhere
> >
> > Chain AS0_OUT_LOCAL (1 references)
> > target prot opt source destination
> > DROP icmp -- anywhere anywhere icmp
> redirect
> > ACCEPT all -- anywhere anywhere
> >
> > Chain AS0_OUT_S2C (1 references)
> > target prot opt source destination
> > AS0_OUT all -- anywhere anywhere
> >
> > Chain AS0_WEBACCEPT (2 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain ufw-after-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-input (1 references)
> > target prot opt source destination
> > RETURN udp -- anywhere anywhere udp
> dpt:netbios-ns
> > RETURN udp -- anywhere anywhere udp
> dpt:netbios-dgm
> > RETURN tcp -- anywhere anywhere tcp
> dpt:netbios-ssn
> > RETURN tcp -- anywhere anywhere tcp
> dpt:microsoft-ds
> > RETURN udp -- anywhere anywhere udp
> dpt:bootps
> > RETURN udp -- anywhere anywhere udp
> dpt:bootpc
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type BROADCAST
> >
> > Chain ufw-after-logging-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-logging-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-logging-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-after-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-forward (1 references)
> > target prot opt source destination
> > ufw-user-forward all -- anywhere anywhere
>
> >
> > Chain ufw-before-input (1 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > ufw-logging-deny all -- anywhere anywhere
> state INVALID
> > DROP all -- anywhere anywhere state
> INVALID
> > ACCEPT icmp -- anywhere anywhere icmp
> destination-unreachable
> > ACCEPT icmp -- anywhere anywhere icmp
> source-quench
> > ACCEPT icmp -- anywhere anywhere icmp
> time-exceeded
> > ACCEPT icmp -- anywhere anywhere icmp
> parameter-problem
> > ACCEPT icmp -- anywhere anywhere icmp
> echo-request
> > ACCEPT udp -- anywhere anywhere udp
> spt:bootps dpt:bootpc
> > ufw-not-local all -- anywhere anywhere
> > ACCEPT all -- BASE-ADDRESS.MCAST.NET/4 anywhere
> > ACCEPT all -- anywhere BASE-ADDRESS.MCAST.NET/4
> > ufw-user-input all -- anywhere anywhere
> >
> > Chain ufw-before-logging-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-logging-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-logging-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-before-output (1 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> > ufw-user-output all -- anywhere anywhere
> >
> > Chain ufw-logging-allow (0 references)
> > target prot opt source destination
> >
> > Chain ufw-logging-deny (2 references)
> > target prot opt source destination
> >
> > Chain ufw-not-local (1 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type LOCAL
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type MULTICAST
> > RETURN all -- anywhere anywhere
> ADDRTYPE match dst-type BROADCAST
> > ufw-logging-deny all -- anywhere anywhere
> limit: avg 3/min burst 10
> > DROP all -- anywhere anywhere
> >
> > Chain ufw-reject-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-reject-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-reject-output (1 references)
> > target prot opt source destination
> >
> > Chain ufw-track-input (1 references)
> > target prot opt source destination
> >
> > Chain ufw-track-output (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere state
> NEW
> > ACCEPT udp -- anywhere anywhere state
> NEW
> >
> > Chain ufw-user-forward (1 references)
> > target prot opt source destination
> >
> > Chain ufw-user-input (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:ssh
> > ACCEPT udp -- anywhere anywhere udp
> dpt:ssh
> > ACCEPT all -- 192.168.0.0/24 anywhere
> > ACCEPT all -- 10.0.0.0/24 anywhere
> > ACCEPT udp -- anywhere anywhere udp
> dpt:isakmp
> > ACCEPT udp -- anywhere anywhere udp
> dpt:4500
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:re-mail-ck
> > ACCEPT udp -- anywhere anywhere udp
> dpt:re-mail-ck
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:1723
> > ACCEPT udp -- anywhere anywhere udp
> dpt:1723
> > ACCEPT tcp -- anywhere anywhere tcp
> dpt:openvpn
> > ACCEPT udp -- anywhere anywhere udp
> dpt:openvpn
> >
> > Chain ufw-user-limit (0 references)
> > target prot opt source destination
> > LOG all -- anywhere anywhere limit:
> avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] '
> > REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
> >
> > Chain ufw-user-limit-accept (0 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> >
> > Chain ufw-user-logging-forward (0 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> >
> > Chain ufw-user-logging-input (0 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> >
> > Chain ufw-user-logging-output (0 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> >
> > Chain ufw-user-output (1 references)
> > target prot opt source destination
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> >
> > openswan-left at ubuntuFW:~$ sudo ufw status
> > Status: active
> >
> > To Action From
> > -- ------ ----
> > 22 ALLOW Anywhere
> > Anywhere ALLOW 192.168.0.0/24
> > Anywhere ALLOW 10.0.0.0/24
> > 500/udp ALLOW Anywhere
> > 4500/udp ALLOW Anywhere
> > 50 ALLOW Anywhere
> > 1723 ALLOW Anywhere
> > 1194 ALLOW Anywhere
> >
> >
> >
> > thx,
> > matt
> > ----- "Randy Wyatt" <rwyatt at nvtl.com> wrote:
> >
> >> Have you run ipsec verify?
> >>
> >> Do you have forwarding enabled?
> >>
> >> What iptables rules are you using?
> >>
> >> Regards,
> >> Randy
> >>
> >>
> >> -----Original Message-----
> >> From: users-bounces at openswan.org on behalf of
> matt.bazan at comcast.net
> >> Sent: Wed 11/17/2010 9:14 PM
> >> To: users at openswan.org
> >> Subject: [Openswan Users] can ping from one side of tunnel but not
> >> from theother
> >>
> >> Have a basic left hand side/ right hand side tunnel. i can ping
> from
> >> the right hand side LAN IP of firewall running openswan (not
> behind
> >> NAT device) to left hand side LAN IP of openswan server (again,
> not
> >> behind NAT device) but am unable to ping from left hand LAN to
> right
> >> hand LAN. using UFW for firewall setup and both sides have same
> rule
> >> sets. have verified ipsec.conf config. what could i be missing?
> >> according to logs tunnel is up on both ends (ping wouldn't work
> from
> >> either side if this were the case, correct?) thx-
> >>
> >> -m
> >> _______________________________________________
> >> Users at openswan.org
> >> http://lists.openswan.org/mailman/listinfo/users
> >> Micropayments:
> >> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >> Building and Integrating Virtual Private Networks with Openswan:
> >>
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
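
The comparison made in the quoted reply (esp and ah accepted on ubuntuFW, absent on ellis) can be automated. The following Python is an added example, not part of the original thread or of Openswan: it parses `iptables -L` text, follows jumps from INPUT, and lists which IPsec prerequisites have no explicit ACCEPT rule. The function names and the trimmed sample listings are constructed for illustration.

```python
import re

REQUIRED = {  # inbound traffic an IPsec gateway must accept: label -> predicate
    "esp (IP protocol 50)": lambda p, o: p in ("esp", "50"),
    "ah (IP protocol 51)": lambda p, o: p in ("ah", "51"),
    "IKE udp/500": lambda p, o: p in ("udp", "17") and bool(re.search(r"\bdpt:(isakmp|500)\b", o)),
    "NAT-T udp/4500": lambda p, o: p in ("udp", "17") and bool(re.search(r"\bdpt:(ipsec-nat-t|4500)\b", o)),
}

def parse_listing(text):
    """Return {chain: [(target, prot, options), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        f = line.split(None, 5)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and len(f) >= 5 and f[0] != "target":
            current.append((f[0], f[1], f[5] if len(f) > 5 else ""))
    return chains

def reachable_accepts(chains, name="INPUT", seen=None):
    """Collect (prot, options) of ACCEPT rules in chains reachable from `name`."""
    seen = set() if seen is None else seen
    if name in seen or name not in chains:
        return []          # built-in target (DROP, LOG, ...) or already visited
    seen.add(name)
    accepts = []
    for target, prot, opts in chains[name]:
        if target == "ACCEPT":
            accepts.append((prot, opts))
        else:              # follow jumps to user-defined chains
            accepts += reachable_accepts(chains, target, seen)
    return accepts

def missing_ipsec_rules(text, start="INPUT"):
    # Existence check only: rule order and earlier DROPs are not modelled.
    accepts = reachable_accepts(parse_listing(text), start)
    return [label for label, ok in REQUIRED.items()
            if not any(ok(prot, opts) for prot, opts in accepts)]

# Constructed, trimmed listings modelled on the two hosts in this thread.
# dpt:re-mail-ck is TCP port 50, which is not IP protocol 50 (ESP).
INPUT_HEAD = """Chain INPUT (policy DROP)
target     prot opt source     destination
ufw-before-input  all  --  anywhere   anywhere
"""
UFW_CHAINS = """
Chain ufw-before-input (1 references)
target     prot opt source     destination
ufw-user-input  all  --  anywhere   anywhere

Chain ufw-user-input (1 references)
target     prot opt source     destination
ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:re-mail-ck
ACCEPT     udp  --  anywhere   anywhere   udp dpt:isakmp
ACCEPT     udp  --  anywhere   anywhere   udp dpt:4500
"""
ELLIS = INPUT_HEAD + UFW_CHAINS
UBUNTUFW = (INPUT_HEAD + "ACCEPT     esp  --  anywhere   anywhere\n"
            + "ACCEPT     ah   --  anywhere   anywhere\n" + UFW_CHAINS)

print({"ellis": missing_ipsec_rules(ELLIS), "ubuntuFW": missing_ipsec_rules(UBUNTUFW)})
```

On a live host, feed it the output of `sudo iptables -L`. Plain `-L` hides interface matches, so `iptables -L -v` or `iptables -S` is the better source when a rule looks broader than expected.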