[Openswan Users] Cant Ping, or anything BUT i have a connection
Luis Nagaki
luis.nagaki at gmail.com
Wed Aug 15 22:08:57 EDT 2012
Sorry! I thought I added a link to the files.
Here's the conf file on the server:
conn client_03
    left=%any
    leftsubnet=10.0.3.1/27
    leftid=@client_03
    leftsourceip=10.0.3.25
    leftrsasigkey=0sAQP5m6IY...
    leftnexthop=%defaultroute
    right=PUBLIC IP
    rightsubnet=10.0.1.64/28
    rightid=@server
    rightsourceip=10.0.1.69
    rightrsasigkey=0sAQPRU...
    rightnexthop=PUBLIC IP GATEWAY
    rekey=yes
    dpddelay=15
    dpdtimeout=30
    dpdaction=restart_by_peer
    auto=start

conn server
    left=%defaultroute
    leftsubnet=10.0.3.1/27
    leftid=@client_03
    leftsourceip=10.0.3.25
    leftrsasigkey=0sAQP5m...
    leftnexthop=%defaultroute
    right=PUBLIC IP OF SERVER
    rightsubnet=10.1.0.64/28
    rightid=@server
    rightsourceip=10.1.0.69
    rightrsasigkey=0sAQPRU...
    rightnexthop=PUBLIC IP GATEWAY
    rekey=yes
    dpddelay=15
    dpdtimeout=30
    dpdaction=restart_by_peer
    auto=start
Config setup for server:
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    #plutostderrlog=/var/log/ipsec
    protostack=netkey
    listen=PUBLIC IP
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:10.0.3.1/27,%v4:10.1.0.64/28,%v6:fd00::/8,%v6:fe80::/10
    nat_traversal=yes
    #virtual_private=
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/"
include /etc/ipsec.d/*.conf
Config setup on client:
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    #klipsdebug=all
    #plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    plutostderrlog=/var/log/ipsec
    protostack=netkey
    nat_traversal=yes
    #virtual_private=
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.1.0.64/28,%v4:10.0.3.1/27%v6:fd00::/8,%v6:fe80::/10
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
Now the tunnel is up.. I can confirm..
Please note that on the server I have VRRP / HA on both the internal
NIC and the external NIC as well.
So: Internal VIP ---- Server ---- External VIP ---- Cloud / Internet ---- External IP of Router ---- Internal IP (DHCP) ---- Client ---- Internal static IP from right / client side needs to reach..
Routes are in place, etc.
Hope that helps!
On Wed, Aug 15, 2012 at 9:52 PM, Muhammad El-Sergani <msergani at gmail.com> wrote:
> Hello Luis,
>
> I think you need to describe your network and provide your configuration
> files with some IPs, for someone to be able to help.
>
> Sent from my Galaxy Tab
>
> On Aug 16, 2012 3:13 AM, "Luis Nagaki" <luis.nagaki at gmail.com> wrote:
>>
>> Guys,
>>
>> So weird.. using Fedora 17 with the latest openswan that comes with it
>> and I am able to get a connection going. The tunnel is confirmed up
>> and I can see in tcpdump the ping and anything else going through. BUT
>> nothing happens. Ping or ssh won't work. iptables has been stopped so no
>> firewalls.
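A consistency check over the two `conn` blocks posted above, as an added example that is not part of the original message: it compares the subnet, id and source-IP fields the two blocks declare and reports subnet values written with host bits set. The function names are hypothetical, and it assumes both blocks describe the same tunnel with `left` as client_03 and `right` as server, as their `leftid`/`rightid` lines indicate.

```python
import ipaddress

# Fields copied from the two conn blocks in the post; RSA keys and the
# public-IP placeholders are left out.
CONN_CLIENT_03 = """
leftsubnet=10.0.3.1/27
leftid=@client_03
leftsourceip=10.0.3.25
rightsubnet=10.0.1.64/28
rightid=@server
rightsourceip=10.0.1.69
"""
CONN_SERVER = """
leftsubnet=10.0.3.1/27
leftid=@client_03
leftsourceip=10.0.3.25
rightsubnet=10.1.0.64/28
rightid=@server
rightsourceip=10.1.0.69
"""

def parse(block):
    """Turn key=value lines into a dict, skipping blanks and comments."""
    pairs = (ln.split("=", 1) for ln in block.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(a, b):
    """Return findings for two descriptions of the same tunnel."""
    findings = [f"mismatch {key}: {a[key]} vs {b[key]}"
                for key in sorted(a.keys() & b.keys()) if a[key] != b[key]]
    for side in ("left", "right"):
        for name, conf in (("first", a), ("second", b)):
            iface = ipaddress.ip_interface(conf[f"{side}subnet"])
            if iface.ip != iface.network.network_address:
                findings.append(f"{name} block {side}subnet={iface} has host "
                                f"bits set; the network is {iface.network}")
            src = ipaddress.ip_address(conf[f"{side}sourceip"])
            if src not in iface.network:
                findings.append(f"{name} block {side}sourceip={src} is "
                                f"outside {side}subnet {iface.network}")
    return findings

if __name__ == "__main__":
    for finding in check(parse(CONN_CLIENT_03), parse(CONN_SERVER)):
        print(finding)
```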