From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Jan 10 2003 - 18:56:30 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 10 Jan 2003, Bjarke Bruun wrote:
> It's the "Connection refused [err....." that annoys me since the iptables
> setup is as follows on the gateway and client
>
> [root_at_client root]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500
> dpt:500
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500
> dpt:500
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
> [root_at_client root]#
>
>
> Does anyone have any idea what I'm doing wrong, or what I need to do to get is
> started?
The gateway box is not receiving packets from the client; they are being cut
off at the source. iptables rules are the common culprit for your reported
error, so you need to investigate the client's configuration.
Perhaps you could post the output of the "ipsec barf" command on the
client; ideally, to the web.
- --
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPh8JUEOSC4btEQUtAQG1HQP/Yy3ey9wSDuNEP0xou3UdgXLBYVzyuhq/
e77yJq69Sd5N+vN9XQpFRoNOXM0GjJvej9vhw3TCuBw6Cwb3XLWb3ALeZ85E8E6Y
ig18vjJQYNdWnV9OM2OQH/MMbx4+21uvu+iG6427kcMuG1TIAmZ3hAkAz9llT8bC
zWIunueBhV0=
=wvY3
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Sun Jan 12 2003 - 05:21:07 CET