[Openswan Users] Users Digest, Vol 133, Issue 6

[Björn Mittelsdorf]

Hi Roi,
hi all,

ESP-Packets going out is good.

Are the machines on the other side willing to answer to ping at all?
On many machines replying to ping is disabled.

If it is you can try 

telnet 192.168.30.23 <somePortYouKnowOfWhichIsActive>

If you can rely on ping you should try 
traceroute 192.168.30.23

Did the other side agree on your subnet containing 192.168.0.6 at all?

Best regards

Björn

> 
> Message: 1
> Date: Mon, 04 May 2015 19:53:55 +0200
> From: Roi Rodr?guez <roi.rodriguez at qubitia.com>
> To: users at lists.openswan.org
> Subject: Re: [Openswan Users] tunnel ok, virtual interface down
> Message-ID: <5547B233.2070408 at qubitia.com>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
> 
> Ok, i used tcpdump when pinging 192.168.30.23 (in their private network)
> and i see esp packets going on... Does this mean everything is ok and the
> problem is on their side?
> 
> root at ubuntu:/etc/ipsec.d# ping 192.168.30.23 & [1] 6312
> root at ubuntu:/etc/ipsec.d# PING 192.168.30.23 (192.168.30.23) 56(84) bytes
> of data.
> 
> root at ubuntu:/etc/ipsec.d# tcpdump -i eth0 -v -n -p udp port 500 or udp port
> 4500
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 19:53:16.183452 IP (tos 0x0, ttl 64, id 59809, offset 0, flags [DF], proto UDP
> (17), length 144)
>      192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
> ESP(spi=0xef2410db,seq=0x1f), length 116
> 19:53:17.183389 IP (tos 0x0, ttl 64, id 59810, offset 0, flags [DF], proto UDP
> (17), length 144)
>      192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
> ESP(spi=0xef2410db,seq=0x20), length 116
> 19:53:18.183410 IP (tos 0x0, ttl 64, id 59811, offset 0, flags [DF], proto UDP
> (17), length 144)
>      192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
> ESP(spi=0xef2410db,seq=0x21), length 116
> 19:53:19.183381 IP (tos 0x0, ttl 64, id 59812, offset 0, flags [DF], proto UDP
> (17), length 144)