[Openswan Users] Openswan IPSEC tunnel established but it works from one side only

Dario Garay dgaray at gsystems.com.ar
Fri Jan 7 14:53:08 EST 2011


Yes, the tunnel is established.

cat secure|grep IPsec

16:31:19 Georouter pluto[22280]: "g2tog1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x2214ebbc <0xad9ce3fe xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}

[root@Georouter log]# ipsec setup --status
IPsec running  - pluto pid: 22280
pluto pid 22280
2 tunnels up
some eroutes exist

 R. Dario Garay
 


-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com] 
Sent: Friday, January 07, 2011 04:29 p.m.
To: Dario Garay
CC: users at openswan.org
Subject: Re: [Openswan Users] Openswan IPSEC tunnel established but it works from one side only

Dario Garay wrote:
> And this is very strange.... the ping from 192.168.1.7 works with the ipsec service stopped.
> 
> 
> [root@Georouter ~]# ipsec auto --down g2tog1
> [root@Georouter ~]# service ipsec stop
> ipsec_setup: Stopping Openswan IPsec...
> [root@Georouter ~]# ipsec setup --status
> IPsec stopped
> [root@Georouter ~]# ping 192.168.2.1
> PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
> 64 bytes from 192.168.2.1: icmp_seq=1 ttl=253 time=5.98 ms

Hmm, are you sure that the IPsec tunnel is up when the service is 
started?  Do you see an "STATE_QUICK_R2: IPsec SA established" in your 
log files (like /var/log/auth.log)?
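
The log check suggested above, as an added example that is not part of the original thread: a shell function that lists every Quick Mode completion in a pluto log (STATE_QUICK_I2 as initiator, STATE_QUICK_R2 as responder) with its connection name, ESP SPIs and transform. The function names and every sample line except the g2tog1 STATE_QUICK_I2 line quoted in the thread are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Quick Mode (phase 2) completions found in a pluto log.

# Constructed sample input. Only the g2tog1 STATE_QUICK_I2 line is quoted from
# the thread; the other lines and the connection "demo" are made up.
sample_log() {
cat <<'EOF'
16:31:18 Georouter pluto[22280]: "g2tog1" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
16:31:19 Georouter pluto[22280]: "g2tog1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x2214ebbc <0xad9ce3fe xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
16:40:02 Georouter pluto[22280]: "demo" #7: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0a0b0c0d <0x01020304 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
EOF
}

# Print one line per established IPsec SA: conn role spi_out spi_in xfrm
# Reads the files given as arguments, or stdin when there are none.
ipsec_sa_summary() {
    awk '
    /STATE_QUICK_(I2|R2):/ && /IPsec SA established/ {
        conn = out = inb = xf = "?"
        # Connection name is the first double-quoted token on the line.
        if (match($0, /"[^"]+"/)) conn = substr($0, RSTART + 1, RLENGTH - 2)
        # I2 is logged by the side that initiated Quick Mode, R2 by the responder.
        role = ($0 ~ /STATE_QUICK_I2:/) ? "initiator" : "responder"
        # ESP=>0x... is the outbound SPI, <0x... the inbound SPI.
        if (match($0, /ESP=>0x[0-9a-fA-F]+/)) out = substr($0, RSTART + 5, RLENGTH - 5)
        if (match($0, / <0x[0-9a-fA-F]+/))    inb = substr($0, RSTART + 2, RLENGTH - 2)
        if (match($0, /xfrm=[^ }]+/))         xf  = substr($0, RSTART + 5, RLENGTH - 5)
        print conn, role, out, inb, xf
    }' "$@"
}

# Demo run on the constructed sample; on a real host pass the log file instead.
sample_log | ipsec_sa_summary
```

A line in this output shows only that the SA was negotiated. Because the ping in the thread also succeeds with IPsec stopped, a successful ping does not show that the traffic was carried over ESP.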

