[Openswan Users] but no connection has been authorized with policy=PSK
Willie Gillespie
wgillespie+openswan at es2eng.com
Tue Apr 12 07:15:41 EDT 2011
On 4/12/2011 4:46 AM, Thomas Schweikle wrote:
> OK. This error is gone now. The tunnel seems to be established after
> restarting daemons on both machines. But:
>
> on the client:
> # ping 192.168.180.27
> PING 192.168.180.27 (192.168.180.27) 56(84) bytes of data.
> 64 bytes from 192.168.180.27: icmp_req=1 ttl=64 time=29.6 ms
> 64 bytes from 192.168.180.27: icmp_req=2 ttl=64 time=27.9 ms
> ^C
> --- 192.168.180.27 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 27.991/28.820/29.650/0.846 ms
>
> on the server:
> $ ping 192.168.1.4
> PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
> ^C
> --- 192.168.1.4 ping statistics ---
> 67 packets transmitted, 0 received, 100% packet loss, time 66007ms
>
> Packets from client to server are OK, but not the other way round :-(
>
> But even if only the client can start a connection, I need a
> transparent tunnel between both! On any system within both subnets
> I'd like to just ping any host. It shouldn't mater where they are
> located.
>
> I am testing with subnets:
> 192.168.180.0/23
> 192.168.1.0/24
If the tunnel is up properly (will say "STATE_QUICK_I2: sent QI2, IPsec
SA established tunnel mode" in the logs) then I've always seen this as a
filtering or forwarding issue.
You'll want to check the firewalls on both ends to make sure that they
are passing the proper traffic (both ways).
More information about the Users
mailing list