Currently have 6 sites with firewalls doing subnet to subnet ipsec tunnels.
Works fine but want to switch to gre tunnels so I can run routing protocols through them.
First trying to get transport mode working between 2 sites.
I commented out the subnets.
Shut down the connections
Replaced them.
I cannot ping the other end either way.
tcpdump shows esp coming in on the remote end but no icmp.
Tried both transport and tunnel.
Tried changing every chain to accept one by one and it did not help.
I'm using shorewall for my firewall and if I shut it down on both ends it works.
Both are connected directly to the Internet.
Both have snat and dnat setup.
Both use openswan 2.4.6 from debian backports.
Both use shorewall 2.2.3
Both use iptables 1.2.11
Both use the native 2.6 kernel ipsec.
One is running 2.6.15 kernel other is 2.6.12.3
Definitely something going on I'm not thinking of :-(
Any ideas?
John
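A small triage script for the symptom described in this post (ESP visible in tcpdump on the far end, but no plaintext after it). This is an added example, not code from the original post or from Openswan/Shorewall; it reads tcpdump's text output, counts which protocol layers appear on the wire, and maps that to a hint about where a netfilter host with the native 2.6 IPsec stack is likely dropping traffic. The capture lines, addresses and SPIs are constructed for the example.

```python
"""Triage helper for the 'ESP arrives but nothing follows it' symptom.

Added example, not part of the original mailing-list post. It consumes
plain-text tcpdump output (e.g. from `tcpdump -ni eth0 host <peer>`),
counts the protocol layers seen on the wire and turns the counts into a
hint about where the firewall is dropping traffic.
"""
import re
from collections import Counter

# Classification patterns, checked in this order. Order matters: a GRE line
# also carries the decoded inner "ICMP" text, so GRE must win over ICMP, and a
# NAT-T "UDP-encap: ESP(...)" line must still count as ESP.
PATTERNS = [
    ("isakmp", re.compile(r"\bisakmp\b")),  # IKE on udp/500 (udp/4500 for NAT-T)
    ("esp", re.compile(r"\bESP\(")),        # IP proto 50, encrypted payload
    ("gre", re.compile(r"\bGREv\d")),       # IP proto 47, what the tunnel carries
    ("icmp", re.compile(r": ICMP ")),       # plaintext ping
]


def classify(line):
    """Return the outermost interesting protocol on one tcpdump line, or None."""
    for name, pat in PATTERNS:
        if pat.search(line):
            return name
    return None


def summarize(lines):
    """Count protocol layers across a capture (an iterable of tcpdump lines)."""
    counts = Counter()
    for line in lines:
        name = classify(line)
        if name:
            counts[name] += 1
    return counts


# Diagnosis codes and what each means on a netfilter host using the native 2.6
# IPsec stack, where a decrypted packet is re-injected on the same interface
# and traverses PREROUTING/INPUT a second time as plaintext.
HINTS = {
    "no-ike": "No ISAKMP seen: udp/500 (and udp/4500 for NAT-T) must be accepted "
              "between the two gateways before any ESP can exist.",
    "ike-only": "IKE flows but no ESP: the SA never came up; check the openswan "
                "logs and 'ipsec auto --status' rather than the firewall chains.",
    "esp-not-decapsulated": "ESP arrives but no decrypted packet follows: IP "
              "protocol 50 is probably dropped in INPUT before it reaches the "
              "IPsec stack (or no SA/policy matches). Accept proto 50 (and 51 "
              "for AH) from the peer, then also accept the inner protocol "
              "(GRE proto 47, ICMP) on the same interface, because the "
              "plaintext copy passes INPUT again.",
    "plaintext-seen": "Decrypted GRE/ICMP is visible, so IPsec itself works; if "
              "pings still fail, look at INPUT/FORWARD rules for GRE (proto 47) "
              "and at routing over the tunnel rather than at IPsec.",
}


def diagnose(counts):
    """Map protocol counts (from summarize) to one of the HINTS keys."""
    if counts["esp"] == 0:
        return "no-ike" if counts["isakmp"] == 0 else "ike-only"
    if counts["gre"] == 0 and counts["icmp"] == 0:
        return "esp-not-decapsulated"
    return "plaintext-seen"


# Constructed sample in tcpdump's text format (documentation addresses,
# made-up SPIs): IKE completes, ESP arrives, nothing decrypted shows up.
CAPTURE_ESP_ONLY = """\
12:00:00.000001 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
12:00:00.000002 IP 198.51.100.20.500 > 203.0.113.10.500: isakmp: phase 1 R ident
12:00:01.000001 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
12:00:02.000001 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0a1b2c3d,seq=0x2), length 116
""".splitlines()

# Same capture plus the re-injected plaintext GRE packet a working box shows.
CAPTURE_WORKING = CAPTURE_ESP_ONLY + [
    "12:00:01.000002 IP 203.0.113.10 > 198.51.100.20: GREv0, length 88: "
    "IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 1, length 64",
]

if __name__ == "__main__":
    for label, cap in (("esp-only", CAPTURE_ESP_ONLY), ("working", CAPTURE_WORKING)):
        counts = summarize(cap)
        code = diagnose(counts)
        print(f"{label}: {dict(counts)} -> {code}: {HINTS[code]}")
```

To use it on a real box, pipe a capture in with something like `tcpdump -ni eth0 host <peer> | python3 triage.py` after replacing the sample lists with `sys.stdin`; the point of the classification order is that on the native stack the decrypted packet shows up on the same interface as the ESP it came from, so "ESP but no GRE/ICMP" in the same capture points at ESP being refused before decryption rather than at the inner traffic.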
_______________________________________________
Users@openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155