[Openswan Users] Openswan IPSEC tunnel established but it works from one side only
Dario Garay
dgaray at gsystems.com.ar
Fri Jan 7 09:20:19 EST 2011
Good day people, I'm new to the mailing list. I need help with my VPN connection because the connection is established but only works from side A to B, not in reverse.
I have 2 ClearOS 5.2 routers and I'm trying to connect the 2 LANs with IPsec using Openswan IPsec U2.6.21/K2.6.18-194.8.1.v5.
192.168.1.0/24 ===192.168.1.7(router A lan interface)====(External IP A)===INTERNET ===(External ip B) ====(router B lan interface)192.168.2.1====192.168.2.0/24
The connection is established but it does not work from router B to router A.
Any suggestions?
Thanks
==============================================================================================
IPsec.conf ( Router A)
version 2.0
#config setup
# klipsdebug=all
# plutodebug=all
config setup
    interfaces=%defaultroute
    protostack=netkey
    klipsdebug=all
    plutodebug=all
conn g2tog1
    auto=add
    authby=secret
    left=External IP B
    leftsubnet=192.168.2.0/24
    leftnexthop=192.168.2.1
    right=External IP A
    rightsubnet=192.168.1.0/24
    rightnexthop=192.168.1.7
#ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.21/K2.6.18-194.8.1.v5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: Georouter.gsystems.com.ar [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 117.168.61.200.in-addr.arpa. [MISSING]
# route
EXTERNAL ADDRESS A * 255.255.255.252 U 0 0 0 eth2
192.168.2.0 * 255.255.255.0 U 0 0 0 eth2
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
ping 192.168.1.111
PING 192.168.1.111 (192.168.1.111) 56(84) bytes of data.
64 bytes from 192.168.1.111: icmp_seq=1 ttl=128 time=1.41 ms
64 bytes from 192.168.1.111: icmp_seq=2 ttl=128 time=0.203 ms
64 bytes from 192.168.1.111: icmp_seq=3 ttl=128 time=0.197 ms
=============================================================================================
ipsec.conf (router B)
version 2.0
#config setup
# klipsdebug=all
# plutodebug=all
config setup
    interfaces=%defaultroute
    protostack=netkey
    klipsdebug=all
    plutodebug=all
conn g2tog1
    auto=add
    authby=secret
    left=EXTERNAL IP B
    leftsubnet=192.168.2.0/24
    leftnexthop=192.168.2.1
    right=EXTERNAL IP A
    rightsubnet=192.168.1.0/24
    rightnexthop=192.168.1.7
# route
EXTERNAL ADDRESS B * 255.255.255.252 U 0 0 0 eth2
192.168.2.0 * 255.255.255.0 U 0 0 0 eth2
#ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.21/K2.6.18-194.8.1.v5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: Georouter.gsystems.com.ar [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 117.168.61.200.in-addr.arpa. [MISSING]
R. Dario