<div>></div><div>> Hi</div><div>>></div><div>>> I've installed Openswan on Ubuntu 10.04.</div><div>>></div><div>>> I've one network interface: eth0 = 10.202.x.x.</div><div>>></div>
<div>>> I've created another Virtual Network Interface: eth0:0 = 192.168.y.y.</div><div>>></div><div>>> I've Elastic IP: 50.17.z.z.</div><div>>></div><div>>> I've done natting with following commands:</div>
<div>>></div><div>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</div><div>>></div><div>>> then used more commands like this:</div><div>>></div><div>>> iptables --flush</div><div>
>> iptables -t nat --flush</div><div>>> iptables --delete-chain</div><div>>> iptables -t nat --delete-chain</div><div>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A </div><div>
>> FORWARD -i eth0:0 -j ACCEPT</div><div>>></div><div>>> I've configured my connection as under:</div><div>>></div><div>>> conn TEST</div><div>>></div><div>>> type=tunnel</div>
<div>>> authby=secret</div><div>>> ike=3des-md5-modp1024</div><div>>> ikelifetime=86400s</div><div>>></div><div>>> phase2=esp</div><div>>> phase2alg=3des-md5;modp1024</div><div>>> lifetime=28800s</div>
<div>>> forceencaps=yes</div><div>>> pfs=no</div><div>>></div><div>>> left=10.202.x.x</div><div>>> leftid=50.17.z.z</div><div>>> leftnexthop=%defaultroute</div><div>>> leftsubnet=192.168.y.y/32</div>
<div>>></div><div>>> right=202.125.a.a</div><div>>> rightid=202.125.a.a</div><div>>> rightsubnet=172.16.b.b/32</div><div>>> rightnexthop=%defaultroute</div><div>>> dpdaction=restart</div>
<div>>> dpddelay=30</div><div>>> dpdtimeout=45</div><div>>></div><div>>> auto=add</div><div>>></div><div>>> now when I try to start a tunnel with command: ipsec auto --up TEST, </div><div>
>> tunnel comes up successfully, but when i ping 172.16.b.b. I don't get </div><div>>> any reply.</div><div>>></div><div>>> All ports opened for all IP Addresses, firewall allow all. Still no </div>
<div>>> success.</div><div>>></div><div>>> My routing table is as under:</div><div>>></div><div>>> Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>>> 192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0</div>
<div>>> 10.202.70.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0</div><div>>> 0.0.0.0 10.202.70.1 0.0.0.0 UG 100 0 0 eth0</div><div>>> 0.0.0.0 10.202.70.1 0.0.0.0 UG 100 0 0 eth0</div><div>>></div><div>>></div>
<div>>> iptables -L show:</div><div>>></div><div>>> Chain INPUT (policy ACCEPT)</div><div>>></div><div>>> target prot opt source destination</div><div>>></div><div>>></div>
<div>>> Chain FORWARD (policy ACCEPT)</div><div>>></div><div>>> target prot opt source destination</div><div>>></div><div>>> ACCEPT all -- anywhere anywhere</div>
<div>>></div><div>>></div><div>>> Chain OUTPUT (policy ACCEPT)</div><div>>></div><div>>> target prot opt source destination</div><div>>></div><div>>> kindly guide me what i am missing, tunnel is being established </div>
<div>>> successfully but cannot ping other side, and they cannot ping me?</div><div>>></div><div>>></div><div>>> A I missing any route? Kindly do let me know what route to add, if </div><div>>> missed any?</div>
<div>>></div><div>>> Thank you very much. Waiting for any answer. Thank you guys.</div><div>>></div><div>>> Regards</div><div>>></div><div>>> Imran</div><div>>></div><div>> LOG is:</div>
<div>></div><div>> Mar 29 09:51:49 mx2 pluto[10593]: "ufoneIN" #2236: Dead Peer Detection </div><div>> (RFC 3706): enabled Mar 29 09:51:49 mx2 pluto[10593]: "ufoneIN" #2237: </div><div>> initiating Quick Mode</div>
<div>> PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW {using isakmp#2236 msgid:a2d8cddd</div><div>> proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs} Mar 29 09:51:49 mx2 </div><div>> pluto[10593]: "ufoneIN" #2236: ignoring informational payload, type </div>
<div>> IPSEC_RESPONDER_LIFETIME msgid=00000000 Mar 29 09:51:49 mx2 </div><div>> pluto[10593]: "ufoneIN" #2236: received and ignored informational </div><div>> message Mar 29 09:51:50 mx2 pluto[10593]: "ufoneIN" #2236: received </div>
<div>> Delete SA</div><div>> payload: deleting ISAKMP State #2236</div><div>> Mar 29 09:51:50 mx2 pluto[10593]: packet from <a href="http://202.125.152.237:4500">202.125.152.237:4500</a>:</div><div>> received and ignored informational message Mar 29 09:52:01 mx2 </div>
<div>> CRON[21635]: pam_unix(cron:session): session opened for user root by </div><div>> (uid=0) Mar 29 09:52:01 mx2 CRON[21635]: pam_unix(cron:session): </div><div>> session closed for user root Mar 29 09:52:32 mx2 pluto[10593]: </div>
<div>> "ufoneIN": deleting connection Mar 29 09:52:32 mx2 pluto[10593]: </div><div>> "ufoneIN" #2237: deleting state</div><div>> (STATE_QUICK_I1)</div><div>> Mar 29 09:52:32 mx2 pluto[10593]: added connection description "ufoneIN"</div>
<div>> Mar 29 09:52:36 mx2 pluto[10593]: "ufoneIN" #2238: initiating Main </div><div>> Mode Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: received </div><div>> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 </div>
<div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: ignoring Vendor ID </div><div>> payload [FRAGMENTATION c0000000] Mar 29 09:52:37 mx2 pluto[10593]: </div><div>> "ufoneIN" #2238: enabling possible NAT-traversal with method </div>
<div>> draft-ietf-ipsec-nat-t-ike-05 Mar 29 09:52:37 mx2 pluto[10593]: </div><div>> "ufoneIN" #2238: transition from state</div><div>> STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: STATE_MAIN_I2: sent </div>
<div>> MI2, expecting MR2 Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: </div><div>> received Vendor ID payload [Cisco-Unity] Mar 29 09:52:37 mx2 </div><div>> pluto[10593]: "ufoneIN" #2238: received Vendor ID payload [XAUTH] Mar </div>
<div>> 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: ignoring unknown Vendor </div><div>> ID payload [938d9ec7b1eb6956bf8485a99551f9b7]</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: ignoring Vendor ID </div>
<div>> payload [Cisco VPN 3000 Series] Mar 29 09:52:37 mx2 pluto[10593]: </div><div>> "ufoneIN" #2238: NAT-Traversal: Result using </div><div>> draft-ietf-ipsec-nat-t-ike-02/03: both are NATed Mar 29 09:52:37 mx2 </div>
<div>> pluto[10593]: "ufoneIN" #2238: transition from state</div><div>> STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: STATE_MAIN_I3: sent </div>
<div>> MI3, expecting MR3 Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: </div><div>> received Vendor ID payload [Dead Peer Detection] Mar 29 09:52:37 mx2 </div><div>> pluto[10593]: | protocol/port in Phase 1 ID Payload is 17/0. accepted </div>
<div>> with port_floating NAT-T Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" </div><div>> #2238: Main mode peer ID is</div><div>> ID_IPV4_ADDR: '202.125.152.237'</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: transition from </div>
<div>> state</div><div>> STATE_MAIN_I3 to state STATE_MAIN_I4</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: STATE_MAIN_I4: </div><div>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY </div>
<div>> cipher=oakley_3des_cbc_192</div><div>> prf=oakley_md5 group=modp1024}</div><div>> Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2238: Dead Peer Detection </div><div>> (RFC 3706): enabled Mar 29 09:52:37 mx2 pluto[10593]: "ufoneIN" #2239: </div>
<div>> initiating Quick Mode</div><div>> PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW {using isakmp#2238 msgid:3544a45b</div><div>> proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs} Mar 29 09:52:37 mx2 </div><div>> pluto[10593]: "ufoneIN" #2238: ignoring informational payload, type </div>
<div>> IPSEC_RESPONDER_LIFETIME msgid=00000000 Mar 29 09:52:37 mx2 </div><div>> pluto[10593]: "ufoneIN" #2238: received and ignored informational </div><div>> message Mar 29 09:52:38 mx2 pluto[10593]: "ufoneIN" #2238: received </div>
<div>> Delete SA</div><div>> payload: deleting ISAKMP State #2238</div><div>> Mar 29 09:52:38 mx2 pluto[10593]: packet from <a href="http://202.125.152.237:4500">202.125.152.237:4500</a>:</div><div>> received and ignored informational message</div>
<div>></div><div>> Any idea how to resolve it?</div><div>></div><div><br></div>