[Openswan Users] Help with Checkpoint VPN configuration
Willie Gillespie
wgillespie+openswan at es2eng.com
Mon Aug 1 10:30:22 EDT 2011
Try adding UDP port 4500 also (which allows for NAT-T)
On 07/28/2011 01:33 PM, victorjabur at gmail.com wrote:
> I'm not an expert on infrastructure. I'm developer and i don't have much
> knowledgement about firewall and linux.
>
> I tried to run these commands to open the UDP Port 500.
>
> iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
> iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
> # we need to allow ESP
> iptables -A INPUT -p 50 -j ACCEPT
> iptables -A OUTPUT -p 50 -j ACCEPT
> # and AH r
> iptables -A INPUT -p 51 -j ACCEPT
> iptables -A OUTPUT -p 51 -j ACCEPT
>
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
>
> But the same message persist.
>
> 1) How commands should i execute to resolve this error ?
> 2) What ports and rules should be appended to firewall to make openswan
> works on linux, there is any document for this ?
>
> Thanks.
> Victor
>
> 2011/7/28 Paul Wouters <paul at xelerance.com <mailto:paul at xelerance.com>>
>
> On Thu, 28 Jul 2011, victorjabur at gmail.com
> <mailto:victorjabur at gmail.com> wrote:
>
> I correct the command leftxauthuser to leftxauthusername and it
> works.
>
> This is the currently log, can you tell me why the connection
> isn't work ?
>
>
> 000 #2: "company":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
> EVENT_RETRANSMIT in 22s; nodpd; idle; import:admin
>
> Your first packet is not received or answered. Check firewall rules.
>
> Paul
>
>
>
>
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list