[Openswan Users] Cant Ping, or anything BUT i have a connection

Luis Nagaki luis.nagaki at gmail.com
Wed Aug 15 22:54:04 EDT 2012 

Disabled



On Aug 15, 2012, at 10:50 PM, Muhammad El-Sergani <msergani at gmail.com>
wrote:

SELinux?

Sent from my Galaxy Tab
 On Aug 16, 2012 4:18 AM, "Luis Nagaki" <luis.nagaki at gmail.com> wrote:

> and im on
>
> openswan-2.6.37-3.fc17.x86_64
>
> fedora server and centos client
>
> On Wed, Aug 15, 2012 at 10:08 PM, Luis Nagaki <luis.nagaki at gmail.com>
> wrote:
> > Sorry! i thought i added a link to the files.
> >
> > heres the conf file on the Server
> >
> > conn client_03
> >     left=%any
> >     leftsubnet=10.0.3.1/27
> >     leftid=@client_03
> >     leftsourceip=10.0.3.25
> >     leftrsasigkey=0sAQP5m6IY...
> >     leftnexthop=%defaultroute
> >     right=PUBLIC IP
> >     rightsubnet=10.0.1.64/28
> >     rightid=@server
> >     rightsourceip=10.0.1.69
> >     rightrsasigkey=0sAQPRU...
> >     rightnexthop=PUBLIC IP GATEWAY
> >     rekey=yes
> >     dpddelay=15
> >     dpdtimeout=30
> >     dpdaction=restart_by_peer
> >     auto=start
> >
> >
> > conn server
> >     left=%defaultroute
> >     leftsubnet=10.0.3.1/27
> >     leftid=@client_03
> >     leftsourceip=10.0.3.25
> >     leftrsasigkey=0sAQP5m...
> >     leftnexthop=%defaultroute
> >     right=PUBLIC IP OF SERVER
> >     rightsubnet=10.1.0.64/28
> >     rightid=@server
> >     rightsourceip=10.1.0.69
> >     rightrsasigkey=0sAQPRU...
> >     rightnexthop=PUBLIC IP GATEWAY
> >     rekey=yes
> >     dpddelay=15
> >     dpdtimeout=30
> >     dpdaction=restart_by_peer
> >     auto=start
> >
> >
> >
> > config setup for server
> >
> > config setup
> >         # Debug-logging controls:  "none" for (almost) none, "all" for
> lots.
> >         # klipsdebug=none
> >         # plutodebug="control parsing"
> >         # For Red Hat Enterprise Linux and Fedora, leave
> protostack=netkey
> >         #plutostderrlog=/var/log/ipsec
> >         protostack=netkey
> >         listen=PUBLIC IP
> >         virtual_private=%v4:
> 10.0.0.0/8,%v4:192.168.1.0/24,%v4:10.0.3.1/27,%v4:10.1.0.64/28,%v6:fd00::/8,%v6:fe80::/10
> >         nat_traversal=yes
> >         #virtual_private=
> >         oe=off
> >         # Enable this if you see "failed to find any available worker"
> >         # nhelpers=0
> >
> > #You may put your configuration (.conf) file in the "/etc/ipsec.d/"
> > include /etc/ipsec.d/*.conf
> >
> >
> > config setup on client
> >
> > config setup
> >         # Debug-logging controls:  "none" for (almost) none, "all" for
> lots.
> >         #klipsdebug=all
> >         #plutodebug="control parsing"
> >         # For Red Hat Enterprise Linux and Fedora, leave
> protostack=netkey
> >         plutostderrlog=/var/log/ipsec
> >         protostack=netkey
> >         nat_traversal=yes
> >         #virtual_private=
> >         virtual_private=%v4:
> 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.1.0.64/28,%v4:10.0.3.1/27%v6:fd00::/8,%v6:fe80::/10
> >         oe=off
> >         # Enable this if you see "failed to find any available worker"
> >         # nhelpers=0
> > #You may put your configuration (.conf) file in the "/etc/ipsec.d/"
> > and uncomment this.
> > include /etc/ipsec.d/*.conf
> >
> > Now the tunnel is up.. i can confirm..
> >
> > please note that on the Server i have VRRP / HA on both the internal
> > Nic and the External Nic as well
> >
> > so Internal VIP ----Server ---- External VIP ---------Cloud /
> > Internet--------External IP of Router ---- Internal IP(DHCP)
> > ----Client----Internal Static IP from Right / Client side needs to
> > reach..
> >
> > routes are in place etc
> >
> > hope that helps!
> >
> >
> >
> > On Wed, Aug 15, 2012 at 9:52 PM, Muhammad El-Sergani <msergani at gmail.com>
> wrote:
> >> Hello Luis,
> >>
> >> I think you need to describe your network and provide your configuration
> >> files with some IPs, for someone to be able to help.
> >>
> >> Sent from my Galaxy Tab
> >>
> >> On Aug 16, 2012 3:13 AM, "Luis Nagaki" <luis.nagaki at gmail.com> wrote:
> >>>
> >>> Guys,
> >>>
> >>> so weird.. using Fedora 17 with the latest openswan that comes with it
> >>> and i am able to get a connection going. the tunnel is confirmed up
> >>> and i can see in tcpdump the ping and anything else going through. BUT
> >>> nothig happens. ping or ssh wont work. iptables has been stopped so no
> >>> firewalls.
> >>> _______________________________________________
> >>> Users at lists.openswan.org
> >>> https://lists.openswan.org/mailman/listinfo/users
> >>> Micropayments:
> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >>> Building and Integrating Virtual Private Networks with Openswan:
> >>>
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120815/326d813c/attachment.html>

More information about the Users mailing list