[Users] newbie ping remote

From: Matevz Mesojednik (mesojednik_at_email.si)
Date: Sat Nov 30 2002 - 22:37:59 CET

• Next message: John A. Sullivan III: "Re: [Users] Sample config for NAT-T + DHCP-over-IPSec - anyone?"
• Previous message: Jeremy: "[Users] pclose pfkey fails (?!!) Please help"
• Next in thread: Sam Sgro: "Re: [Users] newbie ping remote"
• Reply: Sam Sgro: "Re: [Users] newbie ping remote"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I use FreeSWAN 1.99 on 2 machines running Red Hat 7.3 (2.4.18, iptables).
Connection goes up fine (SA established...) but ping fails.

My configuration:

        FreeSWAN FreeSWAN
         _____ ______ __
        | | | |
| \
        |_____| 212.30.95.1 |______|
| \__
             ppp0--------INTERNET-----------------eth1 eth0-----------
|______|
                ipsec0 ipsec0 192.168.1.1 192.168.1.2
                                                        212.30.95.135 (Win95)

route -n command on right FSWAN shows next results:

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
212.30.95.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
212.30.95.0 0.0.0.0 255.255.255.0 U 0 0 0
ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 212.30.95.1 0.0.0.0 UG 0 0 0 eth1

I am tryin to ping 192.168.1.2 from Road warrior machine. I have Ethereal
installed on "212" machine. Listening traffic on ipsec0 shows only ICMP
requests, no replies. But when pinging 192.168.1.1(FreeSWAN internal
interface) Road warrior receives ICMP response. It looks like something is
missing in "212" routing table. Packets don't reach my 192.168.1.2 box
(tested with Ethereal for Windows on my 192..2 machine).

As it seems to me, some packet forwarding (to 192..2 machine) is missing on
"212" gateway.
Is the first line in my routing table OK (net 192.168.1.0 - gw 0.0.0.0)?
Should forwarding be done with iptables?

ipsec.conf entries:

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%dnsondemand
        rightrsasigkey=%dnsondemand

conn road
    left=%defaultroute # Picks up our dynamic IP
 # leftnexthop=
    leftid=@dhcppc53 # Local information
    leftrsasigkey=WHATEVER_LEFT

    right=212.30.95.135 # Remote information
    rightnexthop=212.30.95.1 #ISP's gateway
    rightsubnet=192.168.1.0/24 #
    rightid=@LEADER #
    rightrsasigkey=WHATEVER_RIGHT
    auto=add # authorizes but doesn't start this
                                   # connection at startup

And another thing, i already set rp_filter to 0.

Thank you in advance.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John A. Sullivan III: "Re: [Users] Sample config for NAT-T + DHCP-over-IPSec - anyone?"
• Previous message: Jeremy: "[Users] pclose pfkey fails (?!!) Please help"
• Next in thread: Sam Sgro: "Re: [Users] newbie ping remote"
• Reply: Sam Sgro: "Re: [Users] newbie ping remote"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Wed Dec 04 2002 - 05:20:58 CET