Re: [Users] Routing issues with FreeSWAN - Routes not in correct order of preference

From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Aug 01 2002 - 03:43:40 CEST



On 31 Jul 2002, Corey Rogers wrote:
 
> This is really strange. I have got the FreeSWAN tunnelling to one of our
> clients from a test machine. Both machines are using FreeSWAN and
> GNU/Linux. Using eth0 on our box I can initiate the tunnel without
> problems. On eth1 I cannot and all the errata points to routing issues
> which shouldn't be the case.
>
> Both interfaces have gateways with access to the client test box. The
> client boxes are pingable from either interface (this includes aliases
> which are on the same subnets as their main interface) and traceroutes
> show the packets pass through their respective gateway machines.
>
> I know it is not a problem with aliases because the client machine is
> also set up and working correctly with its alias. As is the common
> response it seems to be a routing issue but is it my error or FreeSWAN's?

So, the client machine you are trying to connect to has multiple interfaces
all sync'ed up with ipsec devices? (e.g. "ipsec0=eth1:0 ipsec1=eth4:27" etc.)

> LEGEND:
> Local ipsec gateway address is 10.XXX.XXX.253 (eth1:0)
> remote ipsec gateway address is 10.YYY.YYY.250 (eth0:3)

"local" and "remote" don't really explain much. Do you mean that these are the
IPs of the client machine you are trying to access when going through eth0 and
eth1?

> Here is a look at the ipsec.conf file on our local machine.

The ipsec.conf of the client box you are trying to connect to could be just as
important.

Let me ask you for several specific pieces of information here, just so there
is no confusion:

1) A network diagram. Ideally, take out all the XXX.XXX and YYY.YYY stuff; this
is a non-internet routable subnet we're talking about here. At least, replace
it with different digits in the same subnet. That way, it's a bit easier
to read.

Show the network interfaces of the client machine you are trying to connect to,
as well as the machine you are trying to connect from, as well as what paths
the packets take.

2) The relevant portions of ipsec.conf from both the client machine you are
connecting to and the machine you are connecting from.

3) A snippet from the logs of the client machine and/or your machine when you
try to connect would also be useful.

Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:35 CEST