From: Carl Pålsson (capa_at_swipnet.se)
Date: Thu Oct 24 2002 - 01:57:46 CEST
Hello.
My test setup:
Client: Windows XP with ipsec.exe (192.168.0.8/24)
Gateway: FreeS/WAN 1.98b with X.509 patch 0.9.15 on Debian 2.4.18 (192.168.0.2/24)
Everything is set up as per instructions on
http://www.natecarlson.com/linux/ipsec-x509.php. I've changed a number of
things like "uniqueids" to "no" instead of yes in the GW ipsec.conf (this is
for using the same Certificates on multiple clients, which also works fine),
but other than that I've set it up more or less exactly as instructed.
Client ipsec.conf: http://217.215.65.100/freeswan_stuff/ipsec_client.conf
Gateway ipsec.conf: http://217.215.65.100/freeswan_stuff/ipsec_gateway.conf
Gateway firewall script: http://217.215.65.100/freeswan_stuff/fire
barf: http://217.215.65.100/freeswan_stuff/barf
tcpdump: http://217.215.65.100/freeswan_stuff/tcpdump
Pinging and accessing resources both on the Gateway and on the network
behind (192.168.1.0/24) works fine through ipsec. The gateway also responds
to pings without ipsec up (before I bring the connection up).
My problem appears after taking the connection down from the Windows box
(ipsec -off). Now all of a sudden I can't reach the GW whatsoever. No ping,
nothing at all. Bringing the ipsec link up again works, however problems
could arise if something went wrong with ipsec and I needed to access the
Gateway by SSH.
The only way to fix this seems to be to restart FreeS/WAN (ipsec setup
restart). Setting all iptables chains to ACCEPT does not help either.
Any ideas on why this is and how to fix it would be appreciated.
Best regards,
Carl Pålsson
This archive was generated by hypermail 2.1.5 : Fri Oct 25 2002 - 05:20:31 CEST