[Openswan Users] CentOS5 + Draytek 2820 pings only one way
paul at trusted-management.com
Fri Feb 15 11:07:42 EST 2013
Ah, looks like it.
I have assumed that you are using NetKey on the Centos machine.
The issue as far as my knowledge of IPsec goes suggests that the sessions starting from your local server are possibly attempting to use the external rather than the internal IP address.
I know the sourceip works with KLIPS, but even then you can NAT the session to ensure the correct IP is passing down the tunnel.
You could do some tcpdumps to verify what is happening...
From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of John Crisp
Sent: 15 February 2013 12:33
To: users at lists.openswan.org
Subject: Re: [Openswan Users] CentOS5 + Draytek 2820 pings only one way
On 15/02/13 12:49, Paul Overton wrote:
> Have you specified the following on your Centos machine?
> the IP address for this host to use when transmitting a packet to the other side of this
> link. Relevant only locally, the other end need not agree. This option is used to make the
> gateway itself use its internal IP, which is part of the leftsubnet, to communicate to the
> rightsubnet or right. Otherwise, it will use its nearest IP address, which is its public IP
> address. This option is mostly used when defining subnet-subnet connections, so that the
> gateways can talk to each other and the subnet at the other end, without the need to build
> additional host-subnet, subnet-host and host-host tunnels.
> I have not tried this with Centos, but you never know.
I think I got that right as per the config below :
L.C. is Left CentOS
R.D. is Right Draytek
Config is as below. I am pretty sure it is something to do with the CentOS/OpenSwan box not routing properly, but not sure how to get it right.
The Draytek has it figured out.
I know there are a lot of people using Drayteks and this config. Just me that can't figure it out !
# basic configuration
# Debug-logging controls: "none" for (almost) none, "all" for lots.
leftsourceip=192.168.99.1 # Server local address
leftid=L.C.98.24 # Server public IP
right=R.D.128.243 # Router public IP
rightid=R.D.128.243 # Router public IP
rightsourceip=10.0.0.251 # Router local address
Users at lists.openswan.org
Building and Integrating Virtual Private Networks with Openswan:
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
This message has been scanned for viruses and
dangerous content by Trusted Management Limited, and is
believed to be clean.
More information about the Users