[Openswan Users] IPsec-Setup

Willie Gillespie wgillespie+openswan at es2eng.com
Wed Apr 13 10:42:29 EDT 2011


On 04/13/2011 07:02 AM, Thomas Schweikle wrote:
> Both gateways just do not forward any packets!

Care to do a little troubleshooting with me?

Load up tcpdump on 192.168.1.4 and 222.66.76.27.  Do you have two 
network cards in either of these machines?  I guess I'm really just 
interested in ICMP, ESP, and ISAKMP packets.

I haven't tested it, but I imagine a line like this should cover it:
tcpdump -i eth0 icmp or esp or udp port 500 or udp port 4500

Once you have tcpdump up and running, ping from 192.168.1.98 to 
192.168.180.30.  Save the tcpdump results from both servers.

Then load up tcpdump again and ping the opposite direction from 
192.168.180.30 to 192.168.1.98.  Save those results too.  I'd be 
interested in seeing what the results are and where it is failing.



If it is working (which it is not), we should see for the first case:
On the close server (192.168.1.4):
An incoming ICMP echo-request from 192.168.1.98 to 192.168.180.30
An outgoing ESP packet to 222.66.76.27

On the far server (222.66.76.27):
An incoming ESP packet from ww.xx.yy.zz
An incoming ICMP echo-request from 192.168.1.98 to 192.168.180.30
An outgoing ICMP echo-request from 192.168.1.98 to 192.168.180.30
An incoming ICMP echo-reply from 192.168.180.30 to 192.168.1.98
An outgoing ESP packet to ww.xx.yy.zz

On 192.168.1.4 again:
An incoming ESP packet from 222.66.76.27
An incoming ICMP echo-reply from 192.168.180.30 to 192.168.1.98
An outgoing ICMP echo-reply from 192.168.180.30 to 192.168.1.98
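
Added example, not part of the original post: a Python check that walks a saved `tcpdump -n` text capture from the near gateway (192.168.1.4) and names the first step of the expected sequence above that never appears. The function names and sample lines are constructed for illustration, and it assumes tcpdump's default one-line text output for IPv4.

```python
import re

# Matches tcpdump -n text output: "<time> IP <src> > <dst>: <details>"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def host(addr):
    # Drop a trailing port: "a.b.c.d.4500" (UDP-encapsulated ESP) -> "a.b.c.d"
    return ".".join(addr.split(".")[:4])

def classify(line):
    """Return (kind, src, dst) for ICMP echo and ESP lines, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, rest = host(m.group(1)), host(m.group(2)), m.group(3)
    if rest.startswith("ICMP echo request"):
        return ("echo-request", src, dst)
    if rest.startswith("ICMP echo reply"):
        return ("echo-reply", src, dst)
    if "ESP(" in rest:  # plain ESP or "UDP-encap: ESP(" when NAT-T is in use
        return ("esp", src, dst)
    return None

def first_missing_stage(lines, client, target, peer_gw):
    """Name the first expected step absent from the near-gateway capture."""
    stages = [
        ("echo-request from client", ("echo-request", client, target)),
        ("ESP out to peer gateway", ("esp", None, peer_gw)),
        ("ESP back from peer gateway", ("esp", peer_gw, None)),
        ("echo-reply to client", ("echo-reply", target, client)),
    ]
    i = 0
    for pkt in filter(None, map(classify, lines)):
        if i == len(stages):
            break
        kind, src, dst = stages[i][1]
        if pkt[0] == kind and src in (None, pkt[1]) and dst in (None, pkt[2]):
            i += 1
    return None if i == len(stages) else stages[i][0]

# Constructed sample capture (not from the thread): tunnel sends, nothing comes back.
SAMPLE = """\
10:42:01.000100 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 7, seq 1, length 64
10:42:01.000300 IP 192.168.1.4.4500 > 222.66.76.27.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
10:42:02.000100 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 7, seq 2, length 64
""".splitlines()

if __name__ == "__main__":
    print(first_missing_stage(SAMPLE, "192.168.1.98", "192.168.180.30", "222.66.76.27"))
```

A result of `None` means every step was seen on that gateway; run the same check on the capture from the other direction to compare.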

