Re: [Users] RE: FreeS/WAN with PPPoE

From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Oct 10 2002 - 04:05:12 CEST

• Next message: Martin Chan: "[Users] Security in Road Warrior"
• Previous message: Sam Sgro: "Re: [Users] Tunneling Problem"
• In reply to: kimhw: "[Users] RE: FreeS/WAN with PPPoE"
• Next in thread: kimhw: "RE: [Users] RE: FreeS/WAN with PPPoE"
• Reply: kimhw: "RE: [Users] RE: FreeS/WAN with PPPoE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 9 Oct 2002, kimhw wrote:

> config setup
> interfaces="ipsec0=eth0"
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> plutostart=%search
> conn %default
> keyingtries=1
> authby=secret
> conn test
> type=tunnel
> left=20.20.20.2
> leftsubnet=10.10.10.0/24
> leftnexthop=20.20.20.1
> right=30.30.30.2
> rightsubnet=40.40.40.0/24
> rightnexthop=30.30.30.1
> keyexchange=ike
> ikelifetime=240m
> keylife=60m
> pfs=yes
> compress=no

Your config matches your network description.
  
> I checked PING connection between two networks Before I start IPSEC.
> And I run "ipsec setup start" and "ipsec auto --add test" "ipsec auto
> --up test"
>
> So, IPSEC tunnel was established between two networks now. But They can
> not negotiate PING.
> I captured Packet between ADSL Modem and FreeS/WAN wit Sniffer. It's
> looks fine.

To summarize, you ping one of the 40.40.40.0/24 machines from the
10.10.10.0/24 network. (Not the gateway machines themselves.) The packets
emerge as ESP packets, and arrive on the 30.30.30.3 machine, but no replies
emerge. The standard causes of this are:

1) rp_filter being turned on on either the public interfaces or the ipsec
interfaces bound to them;

2) firewall rules dropping the packets - Have you allowed UDP port 500 and
protocol 50 (esp) traffic? Have you taken into account the "ipsec0" interface
packets in the clear will use?

3) It's not clear, from the fact that you have disguised the network
addresses, as to whether you are employing NAT at any stage. Have you disabled
NAT for packets destined for the opposite subnet?

http://lists.freeswan.org/pipermail/users/2002-August/012918.html

- --
Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPaTgWkOSC4btEQUtAQEnpAP9E87wxBT32U58DLZtHWVIFWdjDEx6pgdm
f1UgkQyaGvqZJGXgzVUAYPwpQCSBW86N5ouiMsTuj3BXeA0IJaCy610Pcqa5Cleq
KfXps3VhJpWe4bkDPgIDa6ibXW3cf3wXDVQFcUIleucFL2+x1STOsd4VfkqdhUkA
A7eleGHwTDE=
=/VJI
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Martin Chan: "[Users] Security in Road Warrior"
• Previous message: Sam Sgro: "Re: [Users] Tunneling Problem"
• In reply to: kimhw: "[Users] RE: FreeS/WAN with PPPoE"
• Next in thread: kimhw: "RE: [Users] RE: FreeS/WAN with PPPoE"
• Reply: kimhw: "RE: [Users] RE: FreeS/WAN with PPPoE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Oct 12 2002 - 05:20:25 CEST