[Openswan Users] strange problem with openswan and local services on vpn gateway

M L maricolist at gmail.com
Sat Jul 2 07:36:45 EDT 2011


I have ssh daemon but haven't tested (yet) connection to sshd (from
192.168.106.0/24 to 192.168.101.113:22 ).
I guess it will fail, too.
Of course I tested connection (routing) from other hosts located on my
192.168.2.128/26 network, for example
on host 192.168.2.182 I added route to 192.168.101.113 via gw
192.168.2.191 and connection from 192.168.2.182
to 192.168.101.113:443 works as expected...
I've seen similar problem before (packet was visible in tcpdump but
not passed further) when packet had broken
 crc checksum (was generated by broken embeded tcp/ip stack). But in
my case 192.168.106.133 (packet source)
is a Linux +  Checkpoint as it's ipsec gateway and it *works*  when I
initiate connection from 192.168.106.133 to
hosts in 192.168.106.0/24 network.
.

regards,
-- 
Marico

2011/7/2 Willie Gillespie <wgillespie+openswan at es2eng.com>:
> On 7/1/2011 2:49 PM, M L wrote:
>> Hello,
>> I have some strange problem with Linux Openswan U2.6.23/K2.6.26-2-686
>> (netkey) on Debian.
>>
>> Which possible reasons (when nothing is filtered) could cause such
>> problems that packed is delivered to INPUT chain but connection is not
>> "passed"
>> to application layer?
>
> That is a bizarre problem.  Do you have another service besides Apache
> on that same host you could check?  If it works fine, then maybe look
> closer at the Apache config.  If not... hmmm.... dunno.
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>


More information about the Users mailing list