[Openswan Users] Cant Ping, or anything BUT i have a connection
Luis Nagaki
luis.nagaki at gmail.com
Wed Aug 15 22:18:30 EDT 2012
And I'm on
openswan-2.6.37-3.fc17.x86_64
Fedora server and CentOS client
On Wed, Aug 15, 2012 at 10:08 PM, Luis Nagaki <luis.nagaki at gmail.com> wrote:
> Sorry! I thought I added a link to the files.
>
> Here's the conf file on the server:
>
> conn client_03
>     left=%any
>     leftsubnet=10.0.3.1/27
>     leftid=@client_03
>     leftsourceip=10.0.3.25
>     leftrsasigkey=0sAQP5m6IY...
>     leftnexthop=%defaultroute
>     right=PUBLIC IP
>     rightsubnet=10.0.1.64/28
>     rightid=@server
>     rightsourceip=10.0.1.69
>     rightrsasigkey=0sAQPRU...
>     rightnexthop=PUBLIC IP GATEWAY
>     rekey=yes
>     dpddelay=15
>     dpdtimeout=30
>     dpdaction=restart_by_peer
>     auto=start
>
>
> conn server
>     left=%defaultroute
>     leftsubnet=10.0.3.1/27
>     leftid=@client_03
>     leftsourceip=10.0.3.25
>     leftrsasigkey=0sAQP5m...
>     leftnexthop=%defaultroute
>     right=PUBLIC IP OF SERVER
>     rightsubnet=10.1.0.64/28
>     rightid=@server
>     rightsourceip=10.1.0.69
>     rightrsasigkey=0sAQPRU...
>     rightnexthop=PUBLIC IP GATEWAY
>     rekey=yes
>     dpddelay=15
>     dpdtimeout=30
>     dpdaction=restart_by_peer
>     auto=start
>
>
>
> config setup for server
>
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     # klipsdebug=none
>     # plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     #plutostderrlog=/var/log/ipsec
>     protostack=netkey
>     listen=PUBLIC IP
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:10.0.3.1/27,%v4:10.1.0.64/28,%v6:fd00::/8,%v6:fe80::/10
>     nat_traversal=yes
>     #virtual_private=
>     oe=off
>     # Enable this if you see "failed to find any available worker"
>     # nhelpers=0
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/"
> include /etc/ipsec.d/*.conf
>
>
> config setup on client
>
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     #klipsdebug=all
>     #plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     plutostderrlog=/var/log/ipsec
>     protostack=netkey
>     nat_traversal=yes
>     #virtual_private=
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.1.0.64/28,%v4:10.0.3.1/27%v6:fd00::/8,%v6:fe80::/10
>     oe=off
>     # Enable this if you see "failed to find any available worker"
>     # nhelpers=0
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> include /etc/ipsec.d/*.conf
>
> Now the tunnel is up. I can confirm.
>
> Please note that on the server I have VRRP / HA on both the internal
> NIC and the external NIC as well.
>
> so Internal VIP ----Server ---- External VIP ---------Cloud /
> Internet--------External IP of Router ---- Internal IP(DHCP)
> ----Client----Internal Static IP from Right / Client side needs to
> reach..
>
> Routes are in place, etc.
>
> Hope that helps!
>
>
>
> On Wed, Aug 15, 2012 at 9:52 PM, Muhammad El-Sergani <msergani at gmail.com> wrote:
>> Hello Luis,
>>
>> I think you need to describe your network and provide your configuration
>> files with some IPs, for someone to be able to help.
>>
>> Sent from my Galaxy Tab
>>
>> On Aug 16, 2012 3:13 AM, "Luis Nagaki" <luis.nagaki at gmail.com> wrote:
>>>
>>> Guys,
>>>
>>> So weird. Using Fedora 17 with the latest openswan that comes with it,
>>> and I am able to get a connection going. The tunnel is confirmed up
>>> and I can see in tcpdump the ping and anything else going through. BUT
>>> nothing happens. Ping or ssh won't work. iptables has been stopped, so no
>>> firewalls.