RE: [Users] newbie question

From: cj (cj_at_itonsite.com.au)
Date: Fri Aug 23 2002 - 09:51:10 CEST


I have included my configuration and my testbed network as text file
attachments.
In my configuration eth0 is the external interface for the freeswan
servers.

My two freeswan servers are jabba and thehut (I know, how original)
with the host names jabba0,jabba1 and thehut0,thehut1.
jabba0 and thehut0 are both eth0, which is the external interface.

If I however do a traceroute -i eth1 jabba1 from thehut the traceroute is a
success and I can see in the tcpdump that the connection is being encrypted,
also if I do a traceroute -i eth1 thehut1 from jabba again a success and
encryption.

Jeez, I hope that made sense to you guys.

-----Original Message-----
From: Sam Sgro [mailto:sam_at_freeswan.org]
Sent: Friday, 23 August 2002 4:12 PM
To: cj
Cc: users_at_lists.freeswan.org
Subject: Re: [Users] newbie question

On Fri, 23 Aug 2002, cj wrote:

> I have installed freeswan and configured it on the gateway machines.
> I start ipsec with /etc/rc.d/init.d/ipsec restart on both machines.
> I get an IPsec SA established, I assume that's telling me the connection is
> up.
> I check the routing table and it shows the ipsec interfaces.
> But when I try to ping or traceroute from one subnet to another it won't
> get through,
> I have a pc in the middle of the two subnets to act as a router,
> I run tcpdump on the router pc and it shows no packets trying to get
> through.
> If I turn off ipsec it allows me to ping from each subnet.
>
> Would anyone have some quick ideas as to what I can check or do to see
> what the problem is?

Is FreeS/WAN complaining about rp_filter when it starts? Ensure that
rp_filter is off for both the ipsec interface and the physical interface
it is linked to on both machines.

Have you made firewall holes (if applicable)? UDP/500 and protocol 50 at a
minimum.

The two sides can agree on a tunnel, but this might be incorrect when
compared to the network topology. Post a brief description of your network
as well as configuration details. Logs will help as well.

- --
Sam Sgro
sam_at_freeswan.org
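
The rp_filter check suggested in the reply above, written out as an added example (not part of the original thread and not FreeS/WAN's own code). It assumes the FreeS/WAN virtual interface is named ipsec0 and is bound to eth0; `make_sample_tree` builds a constructed stand-in for /proc/sys/net/ipv4/conf so the check can be tried off the gateway.

```shell
#!/bin/sh
# Added example: report rp_filter for each interface under a conf directory.

# Print one line per interface; return 1 if any is missing or not 0.
check_rp_filter() {
    conf_root=$1; shift
    bad=0
    for ifc in "$@"; do
        f="$conf_root/$ifc/rp_filter"
        if [ ! -r "$f" ]; then
            echo "$ifc: no rp_filter entry (interface not present?)"
            bad=1
            continue
        fi
        val=$(cat "$f")
        if [ "$val" = "0" ]; then
            echo "$ifc: rp_filter=0 ok"
        else
            echo "$ifc: rp_filter=$val, should be 0"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf:
# eth0 already off, ipsec0 (assumed interface name) still on.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/eth0" "$d/ipsec0"
    echo 0 > "$d/eth0/rp_filter"
    echo 1 > "$d/ipsec0/rp_filter"
    echo "$d"
}

# On a gateway, run with --live to read the real kernel settings.
if [ "${1:-}" = "--live" ]; then
    check_rp_filter /proc/sys/net/ipv4/conf eth0 ipsec0
fi
```

Run it on both gateways; a non-zero exit status means at least one of the two interfaces still has reverse-path filtering on or is not present.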









This archive was generated by hypermail 2.1.4 : Mon Aug 26 2002 - 08:19:48 CEST