[Openswan Users] Tunnel established but can't ssh or ping

Muenz, Michael m.muenz at spam-fetish.org
Fri Feb 22 01:51:47 EST 2013


On 21.02.2013 23:08, Durwin wrote:
>> tcpdump -n -i eth0 host <peer-ip>
>>
> 15:03:46.420405 IP bayou.acadia.land.ssh > caiman.acadia.land.63827: Flags [P.], seq 1166146839:1166146887, ack 1383081796, win 217, length 48
> 15:03:46.420645 IP caiman.acadia.land.63827 > bayou.acadia.land.ssh: Flags [.], ack 48, win 65439, length 0
> 15:03:46.420713 IP bayou.acadia.land.ssh > caiman.acadia.land.63827: Flags [P.], seq 48:160, ack 1, win 217, length 112
> 15:03:46.420927 IP bayou.acadia.land.ssh > caiman.acadia.land.63827: Flags [P.], seq 160:208, ack 1, win 217, length 48
> 15:03:46.421119 IP caiman.acadia.land.63827 > bayou.acadia.land.ssh: Flags [.], ack 208, win 65279, length 0
> 15:03:47.031578 IP mailserver.mydomain.com.isakmp > bayou.acadia.land.isakmp: isakmp: phase 2/others ? inf[E]
> 15:03:47.032189 IP bayou.acadia.land.isakmp > mailserver.mydomain.com.isakmp: isakmp: phase 2/others ? inf[E]
> 15:03:47.138458 IP bayou.acadia.land > mailserver.mydomain.com: ESP(spi=0x0dfa0e9b,seq=0x3), length 116
> 15:03:47.455587 IP mailserver.mydomain.com.isakmp > bayou.acadia.land.isakmp: isakmp: phase 2/others ? inf[E]
> 15:03:47.456165 IP bayou.acadia.land.isakmp > mailserver.mydomain.com.isakmp: isakmp: phase 2/others ? inf[E]
> 15:03:48.138482 IP bayou.acadia.land > mailserver.mydomain.com: ESP(spi=0x0dfa0e9b,seq=0x4), length 116
> 15:03:48.396022 IP caiman.acadia.land.63827 > bayou.acadia.land.ssh: Flags [P.], seq 1:49, ack 208, win 65279, length 48
>

Please check if the ESP packet arrives at the other side; also check the
logs at mailserver.mydomain.

Output of "ipsec auto --status" is also of interest.


Michael
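
As an added example (not part of the original post): a small Python script that tallies ESP packets per direction and SPI from tcpdump text output, so captures taken on both gateways can be compared quickly. The sample lines are copied from the capture quoted above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches tcpdump's one-line ESP summary, with or without a leading "> " quote mark.
ESP_RE = re.compile(
    r"^(?:>\s*)?(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ESP\(spi=(?P<spi>0x[0-9a-fA-F]+),seq=(?P<seq>0x[0-9a-fA-F]+)\)"
)

# Lines copied from the capture quoted in the message above.
CAPTURE = """\
15:03:47.031578 IP mailserver.mydomain.com.isakmp > bayou.acadia.land.isakmp: isakmp: phase 2/others ? inf[E]
15:03:47.138458 IP bayou.acadia.land > mailserver.mydomain.com: ESP(spi=0x0dfa0e9b,seq=0x3), length 116
15:03:47.456165 IP bayou.acadia.land.isakmp > mailserver.mydomain.com.isakmp: isakmp: phase 2/others ? inf[E]
15:03:48.138482 IP bayou.acadia.land > mailserver.mydomain.com: ESP(spi=0x0dfa0e9b,seq=0x4), length 116
""".splitlines()


def esp_flows(lines):
    """Group ESP packets by (src, dst, spi) and collect their sequence numbers."""
    flows = defaultdict(list)
    for line in lines:
        m = ESP_RE.match(line.strip())
        if m:  # IKE (isakmp) and plain TCP lines are skipped
            flows[(m["src"], m["dst"], m["spi"])].append(int(m["seq"], 16))
    return dict(flows)


def one_way_peers(lines):
    """Return (src, dst) pairs that send ESP but see none coming back."""
    pairs = {(src, dst) for src, dst, _spi in esp_flows(lines)}
    return sorted(p for p in pairs if (p[1], p[0]) not in pairs)


if __name__ == "__main__":
    for (src, dst, spi), seqs in esp_flows(CAPTURE).items():
        print(f"{src} -> {dst} spi={spi} packets={len(seqs)} seq={seqs}")
    for src, dst in one_way_peers(CAPTURE):
        print(f"no ESP seen from {dst} back to {src}")
```

Running the same script on a capture from the other gateway shows whether the SPI and sequence numbers listed here actually arrive there.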

