
Thread: Re: OpenSwan Connection Problems




2007-02-28 05:02:19
Hi Dale

Thanks for your reply, I temporarily stopped iptables to test if this was the problem but alas no luck.

Simon

-----Original Message-----
From: Dale Taylor [mailto:dalebluehall.net]
Sent: 28 February 2007 10:35
To: Bradish, Simon; usersopenswan.org
Subject: RE: [Openswan Users] OpenSwan Connection Problems


Sounds like your iptables are not configured correctly, check to make sure there is a rule in to allow the other network to connect.

Dale

-----Original Message-----
From: users-bouncesopenswan.org [mailto:users-bouncesopenswan.org] On Behalf Of Bradish, Simon
Sent: 28 February 2007 10:03
To: usersopenswan.org
Subject: [Openswan Users] OpenSwan Connection Problems

Hi

Very very new to OpenSwan and IPSec so please forgive any newbie errors.
I have some problems with the following setup...

10.2.2.0/24 >---< 10.2.2.1 :OpenSwan GW #1: External IP Address NATed to 10.248.1.193 >---->>>

(Left)

INTERNET

(Right)

<<<----< External IP Address NATed to 10.30.1.217 :OpenSwan Gw #2: 10.248.49.246 >---< 10.248.49.0/24

Right config file as follows:

nat_traversal=yes

conn test
        # Remote Machine
        left=OpenSwan GW #2 External IP Address
        leftid=fmcgw
        # Remote subnet we are to access
        leftsubnet=10.2.2.0/24
        # Remote machines key
        leftrsasigkey=
        # This machine
        right=10.30.1.217
        rightid=six
        # Subnet we wish the far side to access
        rightsubnet=10.248.49.0/24
        # This machines key
        rightrsasigkey=
        auto=add

Left config file as follows:

nat_traversal=yes

conn test
        # This Machine
        left=10.248.1.193
        leftid=fmcgw
        # Subnet we wish the far side to access
        leftsubnet=10.2.2.0/24
        # This machines key
        leftrsasigkey=
        # Remote machine
        right= OpenSwan GW #1 External IP Address
        rightid=six
        # Remote subnet we are to access
        rightsubnet=10.248.49.0/24
        # Remote machines key
        rightrsasigkey=
        auto=add

I bring up the conn and all connects well, NATs are detected.
However nothing will go down the IPSec connection.

Strange thing is if I change the config files such that the left subnet is 10.248.1.0/24 I can then ping 10.248.49.X from 10.2.2.X
I cannot however ping back the other way.

Any ideas / problems ...?

Help much appreciated.
Simon
________________________________________________________________
Simon Bradish
Software Engineer
Accuris Networks Ltd.
O'Connell Bridge House, D'Olier St., Dublin 2
Ph: +353-1-881-8761, Fax: +353-1-881-8701
http://www.accuris-networks.com/
_______________________________________________
Usersopenswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
