[Users] Cannot ping internal hosts but only internal interface

From: Mimmus (dviggiani_at_tiscali.it)
Date: Fri Dec 27 2002 - 10:37:37 CET


Hi,
I'm trying to set up a simple road-warrior configuration:
 192.168.0.0/24===xxx.yyy.zzz.226---zzz.yyy.zzz.225...%any
using shared-secret (I have one road-warrior client) but I'm having many
problems.
The gateway is a Red Hat 7.2 Linux box with three network interfaces and the
Shorewall firewall set up correctly (I hope... but I also tried with all
firewall rules cleared).
The client is a Red Hat 8.0 Linux box.

Connection starts up correctly:

ipsec__plutorun: Starting Pluto subsystem...
pluto[24331]: Starting Pluto (FreeS/WAN Version 1.99)
pluto[24331]: including X.509 patch (Version 0.9.15)
pluto[24331]: Changing to directory '/etc/ipsec.d/cacerts'
pluto[24331]: Warning: empty directory
pluto[24331]: Changing to directory '/etc/ipsec.d/crls'
pluto[24331]: Warning: empty directory
pluto[24331]: could not open my default X.509 cert file '/etc/x509cert.der'
pluto[24331]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
pluto[24331]: added connection description "road"
pluto[24331]: listening for IKE messages
pluto[24331]: adding interface ipsec1/eth1 192.168.0.254
pluto[24331]: adding interface ipsec0/eth0 xxx.yyy.zzz.226
pluto[24331]: loading secrets from "/etc/ipsec.secrets"
pluto[24331]: "road"[1] 151.39.227.40 #1: responding to Main Mode from unknown peer 151.39.227.40
pluto[24331]: "road"[1] 151.39.227.40 #1: Peer ID is ID_IPV4_ADDR: '151.39.227.40'
pluto[24331]: "road"[1] 151.39.227.40 #1: sent MR3, ISAKMP SA established
pluto[24331]: "road"[1] 151.39.227.40 #2: responding to Quick Mode
pluto[24331]: "road"[1] 151.39.227.40 #3: responding to Quick Mode
pluto[24331]: "road"[1] 151.39.227.40 #2: IPsec SA established
pluto[24331]: "road"[1] 151.39.227.40 #3: IPsec SA established

but I'm unable to ping internal hosts, only the gateway's internal interface.
After a few minutes, I also see these error messages:

pluto[24331]: INTERNAL ERROR: /proc/net/ipsec_eroute line 1 SA ID field malformed: SA specifier lacks valid protocol prefix

This is ipsec.conf on the gateway:

config setup
        # interfaces=%defaultroute
        interfaces="ipsec0=eth0 ipsec1=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
conn %default
        keyingtries=1
        disablearrivalcheck=no
        authby=secret
# road-warrior
conn road
        left=xxx.yyy.zzz.226
        leftsubnet=192.168.0.0/24
        leftnexthop=xxx.yyy.zzz.225
        right=%any
        auto=add
        pfs=yes

Any help?
Domenico Viggiani

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users