[Openswan Users] Openswan 2.6.35 interop with fortigate 200B
Siegfried Müller - MB Connect Line GmbH
mueller at mbconnectline.de
Thu May 24 11:14:50 EDT 2012
Solved!
We disabled the ipsec replay windows with "echo "0" > /sys/module/ipsec/parameters/ipsec_replaywin_override" and after that everything was fine. The debug of klipsdebug = rcv shows an issue with "double packets" and replay. So I decided to disable replay. I have no idea why this helps, but it helps :-)
Maybe someone knows that problem, I would like to know!
Cheers
Siegfried
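The replay check that the message above switches off, modelled as an added example (not part of the original post and not KLIPS code): a sliding-window check in the style of RFC 4303 drops duplicated sequence numbers, and with a window of 0 it accepts them. The struct and function names, the sample trace and the reading of 0 as "check off" are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of an RFC 4303-style anti-replay window for one inbound SA; this is
 * not KLIPS code. Assumption: window == 0 means the check is switched off. */
struct replay_state {
    uint32_t window;   /* window size in packets, 0..64 */
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint64_t bitmap;   /* bit i set => sequence (last_seq - i) already seen */
};
enum verdict { ACCEPT, DROP_DUPLICATE, DROP_TOO_OLD };

static enum verdict replay_check(struct replay_state *s, uint32_t seq) {
    if (s->window == 0)
        return ACCEPT;                /* no check: duplicates pass */
    if (seq == 0)
        return DROP_TOO_OLD;          /* ESP sequence numbers start at 1 */
    if (seq > s->last_seq) {          /* new highest: slide the window */
        uint32_t shift = seq - s->last_seq;
        s->bitmap = (shift < 64) ? (s->bitmap << shift) | 1u : 1u;
        s->last_seq = seq;
        return ACCEPT;
    }
    uint32_t offset = s->last_seq - seq;
    if (offset >= s->window || offset >= 64)
        return DROP_TOO_OLD;          /* left of the window */
    if (s->bitmap & ((uint64_t)1 << offset))
        return DROP_DUPLICATE;        /* this sequence number was seen */
    s->bitmap |= (uint64_t)1 << offset;
    return ACCEPT;                    /* late but new: reordering is fine */
}

/* Feed a trace of sequence numbers through the check; return packets dropped. */
static int count_drops(uint32_t window, const uint32_t *seqs, int n) {
    struct replay_state s = { window, 0, 0 };
    int dropped = 0;
    for (int i = 0; i < n; i++)
        if (replay_check(&s, seqs[i]) != ACCEPT)
            dropped++;
    return dropped;
}
/* Constructed trace: packets 3 and 5 arrive twice, packet 2 arrives late. */
static const uint32_t TRACE[] = { 1, 3, 3, 4, 2, 5, 5, 6 };

int main(void) {
    int n = (int)(sizeof TRACE / sizeof TRACE[0]);
    printf("window=64: dropped %d of %d\n", count_drops(64, TRACE, n), n);
    printf("window=0:  dropped %d of %d\n", count_drops(0, TRACE, n), n);
    return 0;
}
```

With the window enabled only the two repeated sequence numbers are dropped and the reordered packet still passes; with the window at 0 every packet is accepted, repeated ones included.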
-----Original Message-----
From: Goffe, Don [mailto:Donald.Goffe at GTECH.COM]
Sent: Friday, 27 April 2012 17:39
To: Siegfried Müller - MB Connect Line GmbH; users at lists.openswan.org
Subject: RE: [Openswan Users] Openswan 2.6.35 interop with fortigate 200B
I did see something like this once; I had two PCs connected through the same DSL modem. The first PC would connect and get an IP address, the second would then connect and get the same IP assigned to it and of course the first PC would stop. From the Fortinet point of view it was receiving the same source IP and port number of the DSL modem so it just assigned the same IP from its pool to the new MAC. The solution was to configure port forwarding on the modem and for each PC "create" a user session (in the firewall tab). That way the modem uses different ports. I don't know if this is relevant in your case, just strange because neither OS nor Fortinet complained. Each terminal would stop if the other was booted. Doing an ipaddr on both PCs showed they both had the same IP.
Good luck
-----Original Message-----
From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of Siegfried Müller - MB Connect Line GmbH
Sent: Friday, April 27, 2012 10:15 AM
To: users at lists.openswan.org
Subject: Re: [Openswan Users] Openswan 2.6.35 interop with fortigate 200B
I updated to 2.6.38 and tried it with NETKEY and klips. It is the same issue. Any hints from somebody?
BR
Siegfried
-----Original Message-----
From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of Goffe, Don
Sent: Wednesday, 25 April 2012 20:34
To: Patrick Lists; users at lists.openswan.org
Subject: Re: [Openswan Users] Openswan 2.6.35 interop with fortigate 200B
We use the 100D and the 600C with 2.6.38-NETKEY and no issues. We haven't tried the 200B product.
-----Original Message-----
From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of Patrick Lists
Sent: Wednesday, April 25, 2012 1:46 PM
To: users at lists.openswan.org
Subject: Re: [Openswan Users] Openswan 2.6.35 interop with fortigate 200B
On 04/25/2012 04:43 PM, Siegfried Müller - MB Connect Line GmbH wrote:
> Hi,
>
> does anyone have experience with the fortigate200b firewall? We used
> openswan 2.4.5 (as client) with fortigate200b (as server). Now we did
> an update to openswan 2.6.35 and then one issue occurred. After
> transferring e.g. a file through the vpn tunnel, it stops after
> 180-200KB. No error messages on pluto or klips. Also a VNC session
> was interrupted after the first seconds. Everything is fine on 2.4.5. Any ideas?
Unfortunately not. But the latest version is 2.6.38. Maybe you could upgrade to 2.6.38 and try again?
Regards,
Patrick
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
CONFIDENTIALITY NOTICE: The information contained in this email message is intended only for use of the intended recipient. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately delete it from your system and notify the sender by replying to this email. Thank you.