WebmasterWorld: Linux, Unix, and *nix like Operating Systems Forum

    
freeswan cannot ping any remote machine
cccc, msg:912970, 12:06 am on Jan 28, 2004 (gmt 0)

Hi,

I have a big problem with a freeswan gateway on Linux SuSE 8.2, connected via an IPsec tunnel to a WatchGuard firewall.
There are 2 interfaces on the Linux gateway:
external eth0 with a public IP (212.X.X.X) and
internal eth1 with an internal IP (192.168.115.1).
My ipsec.conf:
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
forwardcontrol=yes

conn %default
keyingtries=0
disablearrivalcheck=no
authby=secret
#compress=yes
#leftrsasigkey=%dnsondemand
#rightrsasigkey=%dnsondemand

conn roadwarrior
left=%any

conn me-to-anyone
#left=%defaultroute
#right=%opportunistic
#keylife=1h
#rekey=no
# for initiator only OE,
# after putting your key
#leftid=@myhostname.example.com
# uncomment this next line to enable it
# auto=route

conn Firebox1
left=195.X.X.X
leftnexthop=%defaultroute
leftsubnet=192.168.0.0/24
right=212.X.X.X
rightnexthop=%defaultroute
rightsubnet=192.168.115.0/24
leftupdown=/usr/lib/ipsec/_updown_custom
auto=start

The ipsec tunnel is working:
# route
Kernel IP routing table
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
212.X.X.X       *               255.255.255.240  U     0      0   0   eth0
212.X.X.X       *               255.255.255.240  U     0      0   0   ipsec0
192.168.0.0     gw.****.net     255.255.255.0    UG    0      0   0   ipsec0
192.168.115.0   *               255.255.255.0    U     0      0   0   eth1
default         gw.****.net     0.0.0.0          UG    0      0   0   eth0

# ipsec verify
Checking your system to see if IPsec was installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for ext [FAILED]
Looking for TXT in reverse map: X.X.X.212.in-addr.arpa [OK]
Does the machine have at least one non-private address [OK]

The problem is, I can ping my Linux gateway from every remote machine,
but I cannot ping the WatchGuard or any remote machine from the Linux gateway.
The firewall is not active at the Linux gateway.
Ports ANY to ANY and ping are allowed
in the WatchGuard configuration for Linux.

what's wrong?

kind regards
cccc
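As an added example that is not part of the thread (and not FreeS/WAN's own code): a small Python check over conn blocks like the one quoted above. It parses the leftsubnet/rightsubnet selectors of each conn and reports which of the gateway's own addresses, when used as the source of a locally generated ping, fall inside a tunnel's selectors for a given remote destination. The public addresses in the sample are constructed RFC 5737 placeholders standing in for the masked 195.X.X.X and 212.X.X.X; the private subnets are the ones posted, and the function names are my own.

```python
import ipaddress
import re

# Constructed sample ipsec.conf modelled on the conn blocks quoted in the thread.
# 198.51.100.7 / 203.0.113.9 are documentation addresses standing in for the
# masked 195.X.X.X (left, WatchGuard side) and 212.X.X.X (right, Linux gateway).
SAMPLE_IPSEC_CONF = """\
config setup
    interfaces=%defaultroute

conn %default
    keyingtries=0
    authby=secret

conn roadwarrior
    left=%any

conn Firebox1
    left=198.51.100.7
    leftnexthop=%defaultroute
    leftsubnet=192.168.0.0/24
    right=203.0.113.9
    rightnexthop=%defaultroute
    rightsubnet=192.168.115.0/24
    auto=start
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section.

    FreeS/WAN-style syntax: a 'conn NAME' or 'config setup' header line,
    followed by key=value parameter lines (indentation is not required, which
    matches how the thread's pasted config looks). '#' starts a comment."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"^(config|conn)\s+(\S+)\s*$", line)
        if header:
            kind, name = header.groups()
            current = conns.setdefault(name, {}) if kind == "conn" else None
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def tunnel_selectors(conn):
    """Traffic selectors (left_net, right_net) for a conn.

    A side without a *subnet line is a host-only endpoint, i.e. its own /32."""
    left = ipaddress.ip_network(conn.get("leftsubnet") or conn["left"] + "/32", strict=False)
    right = ipaddress.ip_network(conn.get("rightsubnet") or conn["right"] + "/32", strict=False)
    return left, right


def covered_by(conns, src, dst):
    """Names of conns whose selectors cover a src->dst packet in either direction.

    Conns with a missing or symbolic (%any, %defaultroute, ...) endpoint are
    skipped because they carry no concrete selector to compare against."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for name, conn in conns.items():
        if "left" not in conn or "right" not in conn:
            continue
        if conn["left"].startswith("%") or conn["right"].startswith("%"):
            continue
        left, right = tunnel_selectors(conn)
        if (src_ip in left and dst_ip in right) or (src_ip in right and dst_ip in left):
            hits.append(name)
    return hits


def tunnel_sources(conns, local_addresses, dst):
    """For each of the gateway's own addresses, list the conns that would carry
    a packet from that address to dst. A packet the gateway originates itself
    is sourced from the egress interface's address unless the tool is told
    otherwise (e.g. ping -I), so this shows which local source actually
    matches a selector."""
    return {addr: covered_by(conns, addr, dst) for addr in local_addresses}


if __name__ == "__main__":
    parsed = parse_conns(SAMPLE_IPSEC_CONF)
    # Gateway addresses: constructed public (eth0) and the posted internal (eth1).
    report = tunnel_sources(parsed, ["203.0.113.9", "192.168.115.1"], "192.168.0.10")
    for addr, conns_hit in report.items():
        print(f"source {addr:15} -> 192.168.0.10: {conns_hit or 'no tunnel selector matches'}")
```

Run stand-alone it prints, for each candidate source address, which conn (if any) has selectors covering the packet; a pair with no match is traffic that the tunnel policy will not handle, which is the first thing to check when the gateway can be reached through the tunnel but cannot reach out through it itself.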

 

SeanW, msg:912971, 4:26 pm on Jan 28, 2004 (gmt 0)

I had a similar problem once; I turned off opportunistic encryption and it fixed it...

[freeswan.org...]

The root cause was probably that I had it on but configured incorrectly.

Sean

cccc, msg:912972, 8:01 pm on Jan 28, 2004 (gmt 0)

Hi SeanW,

I've put these entries in my ipsec.conf:

conn block
auto=ignore

conn private
auto=ignore

conn private-or-clear
auto=ignore

conn clear-or-private
auto=ignore

conn clear
auto=ignore

conn packetdefault
auto=ignore

ipsec setup restart

but it still doesn't help.

kind regards
cccc
