
RE: [Users] Can't ping gateway and machines behind gateway

From: John A. Sullivan III (John.Sullivan_at_nexusmgmt.com)
Date: Wed Apr 24 2002 - 17:23:39 CEST


OK - it sounds like you do have quite a ways to go. I apologize for my
hesitancy. Although I have extensive experience in designing large
VPNs, I am an absolute newbie to Free S/WAN so I'm not familiar with a
lot of the details and the logs. I would suspect that you would see
some message about QM (Quick Mode) connected in the logs once a tunnel
is established. You absolutely will need to forward IP protocol 50 if
you want to use ESP to tunnel. It is an IP protocol and not a TCP or
UDP port. TCP is IP protocol 6, UDP is IP protocol 17 and ESP is IP
protocol 50 - so you see how ESP, TCP and UDP are all peers - John

On Wed, 2002-04-24 at 10:57, Gerhard Hofmann wrote:
> Thanks for your reply.
> How can I determine if packets from the road warrior arrive at the gateway?
>
> I'm not even sure if the tunnel from roadwarrior to VPN is established. The
> message "instantiated roadwarrior for 62.246.11.140" sounds quite good.
> Unfortunately, I have no idea where to find the exact meaning of those
> messages.
>
> I have to add that I only forwarded UDP port 500 to the VPN gateway. Is that
> sufficient? Freeswan documentation also mentions protocols 50 and 51, but
> not if those are TCP or UDP.
>
>
> > -----Original Message-----
> > From: John A. Sullivan III [mailto:John.Sullivan_at_nexusmgmt.com]
> > Sent: Wednesday, April 24, 2002 4:35 PM
> > To: Gerhard Hofmann
> > Cc: Freeswan List
> > Subject: Re: [Users] Can't ping gateway and machines behind gateway
> >
> >
> > I don't have the answer but I'll ask two questions to try to point you
> > in a direction. How do the packets get from your Road Warriors to the
> > Free S/WAN gateway? Assuming they make it to the gateway and are then
> > forwarded on to the target, how does the target know to send the reply
> > packets to the Free S/WAN gateway rather than the default router? - John
> >

-- 
John A. Sullivan III
Group Technology Director
Nexus Management
+1 207-985-7880
John.Sullivan_at_nexusmgmt.com
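
The distinction drawn in the message above (ESP is IP protocol 50, a peer of TCP and UDP, not a port), shown as an added example that is not part of the original thread. The packets, addresses, SPI value and the simplified rule model of a forwarding router are all constructed for illustration.

```python
import struct

# IP protocol numbers named in the thread above (6, 17, 50, 51).
PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def ipv4_packet(proto, payload):
    """Build a constructed IPv4 packet (checksum left 0, documentation addresses)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload

def classify(packet):
    """Return (protocol name, destination port or None) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4   # header length in bytes
    proto = packet[9]              # the IP "protocol" field
    dport = None
    if proto in (6, 17):           # only TCP and UDP have port fields
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return PROTO_NAMES.get(proto, str(proto)), dport

def forwarded(packet, rules):
    """rules: set of (protocol name, port or None) entries the router forwards."""
    return classify(packet) in rules

# Constructed road-warrior traffic: one IKE packet and one ESP packet.
IKE = ipv4_packet(17, struct.pack("!HHHH", 500, 500, 12, 0) + b"\x00" * 4)
# ESP starts with SPI and sequence number, then ciphertext: no port anywhere.
ESP = ipv4_packet(50, struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16)

UDP500_ONLY = {("UDP", 500)}                      # what the poster forwarded
UDP500_AND_ESP = {("UDP", 500), ("ESP", None)}    # adds IP protocol 50

if __name__ == "__main__":
    for name, rules in (("UDP 500 only", UDP500_ONLY),
                        ("UDP 500 + protocol 50", UDP500_AND_ESP)):
        for label, pkt in (("IKE", IKE), ("ESP", ESP)):
            print(f"{name:22} {label}: {classify(pkt)} "
                  f"forwarded={forwarded(pkt, rules)}")
```

With only UDP 500 forwarded, the IKE negotiation reaches the gateway but the ESP packets carrying the tunnelled traffic do not.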




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST