[Openswan Users] but no connection has been authorized with policy=PSK
wgillespie+openswan at es2eng.com
Tue Apr 12 07:15:41 EDT 2011
On 4/12/2011 4:46 AM, Thomas Schweikle wrote:
> OK. This error is gone now. The tunnel seems to be established after
> restarting daemons on both machines. But:
> on the client:
> # ping 192.168.180.27
> PING 192.168.180.27 (192.168.180.27) 56(84) bytes of data.
> 64 bytes from 192.168.180.27: icmp_req=1 ttl=64 time=29.6 ms
> 64 bytes from 192.168.180.27: icmp_req=2 ttl=64 time=27.9 ms
> --- 192.168.180.27 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 27.991/28.820/29.650/0.846 ms
> on the server:
> $ ping 192.168.1.4
> PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
> --- 192.168.1.4 ping statistics ---
> 67 packets transmitted, 0 received, 100% packet loss, time 66007ms
> Packets from client to server are OK, but not the other way round :-(
> But even if only the client can start a connection, I need a
> transparent tunnel between both! On any system within both subnets
> I'd like to just ping any host. It shouldn't matter where they are
> I am testing with subnets:
If the tunnel is up properly (will say "STATE_QUICK_I2: sent QI2, IPsec
SA established tunnel mode" in the logs) then I've always seen this as a
filtering or forwarding issue.
You'll want to check the firewalls on both ends to make sure that they
are passing the proper traffic (both ways).
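
The checks suggested in this reply can be run in order on each gateway. The following is an added example, not part of the original message: the function names are hypothetical, and the log line and rule listing are constructed samples using the two addresses from the thread.

```shell
#!/bin/sh
# Added example. Each check reads a file, so it also works on saved output
# (pluto log, /proc/sys/net/ipv4/ip_forward, `iptables -S FORWARD`).

# Quick Mode finished? Looks for the state line quoted in the reply.
sa_established() {        # $1: pluto log
    grep -q 'STATE_QUICK_I2: sent QI2, IPsec SA established' "$1"
}

# Is the kernel forwarding packets between interfaces?
forwarding_enabled() {    # $1: ip_forward file or a copy of it
    [ "$(cat "$1")" = "1" ]
}

# Default policy of the FORWARD chain.
forward_policy() {        # $1: saved rule listing
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }' "$1"
}

# Number of FORWARD rules that end in ACCEPT (0 is a valid answer).
forward_accepts() {       # $1: saved rule listing
    grep -c -- '^-A FORWARD .*-j ACCEPT' "$1" || true
}

# Print the first failing layer: tunnel, forwarding, then filtering.
diagnose() {              # $1: log  $2: ip_forward  $3: rule listing
    sa_established "$1"     || { echo "no-ipsec-sa"; return 0; }
    forwarding_enabled "$2" || { echo "forwarding-off"; return 0; }
    if [ "$(forward_policy "$3")" != "ACCEPT" ] &&
       [ "$(forward_accepts "$3")" -eq 0 ]; then
        echo "forward-chain-blocks"; return 0
    fi
    # Some traffic is accepted: read the rules for the failing direction.
    echo "inspect-rules"
}

# Constructed sample data for one gateway (not taken from the thread).
d=$(mktemp -d)
printf '%s\n' '"tunnel" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode' > "$d/log"
echo 1 > "$d/ip_forward"
printf '%s\n' '-P FORWARD DROP' \
    '-A FORWARD -s 192.168.1.4/32 -d 192.168.180.27/32 -j ACCEPT' > "$d/rules"
diagnose "$d/log" "$d/ip_forward" "$d/rules"
rm -rf "$d"
```

With the sample data only one direction has an ACCEPT rule, so the script reports `inspect-rules`: the tunnel and forwarding are fine and the reverse direction has to be added to the FORWARD chain.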