Tom, What happens if you ping from both sides of the tunnel? (ie ping the astlinux box from a pc on the remote side and ping a remote pc from the local side?)
Darrick Tom Mazzotta wrote: > I'm running astlinux-0.6.7 (Asterisk 1.4.26) on a Soekris net 5501 and I am > trying to setup a gateway to gateway VPN with a Cisco PIX device. Both > devices have external interfaces on the internet (static IP for PIX and > dynamic for soekris). The PIX is configured with a pre-shared key, 3DES > encryption, MD5 Hash, group 2, lifetime 86400, and the ip range/mask of the > LAN segment on the soekris. In astlinux, I've enabled the racoon-ipsec-vpn > plugin, checked "IPsec" under VPN Type and on the IPsec config page I have > defined the appropriate addressing info, w/ a 3DES/MD5 profile, the same PSK, > NAT "off", and a log level of debug. The following is the log info I see on > the status page after restarting IPsec: > > Sep 14 19:51:34 pbx daemon.info racoon: INFO: racoon shutdown > Sep 14 19:51:34 pbx user.info firewall: ** Restarting Arno's Iptables > Firewall v1.8.8n ** > Sep 14 19:51:40 pbx user.info firewall: ** All firewall rules applied ** > Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)ipsec-tools 0.7.2 > (http://ipsec-tools.sourceforge.net) > Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)This product linked OpenSSL > 0.9.7m 23 Feb 2007 (http://www.openssl.org/) > Sep 14 19:51:41 pbx daemon.info racoon: INFO: Reading configuration from > "/tmp/etc/racoon.conf" > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: compression algorithm can not > be checked because sadb message doesn't support it. > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo params: > loc='192.168.168.0/24', rmt='192.168.2.0/24', peer='NULL', id=0 > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo pass #2 > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: open /var/racoon/racoon.sock > as racoon management. > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.168.1 > (br0) > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.169.1 > (eth3) > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 69.114.2.42 > (eth0) > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 127.0.0.1 (lo) > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: configuring default isakmp > port. > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: 4 addrs are configured > successfully > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used as isakmp > port (fd=8) > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used for NAT-T > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used as isakmp > port (fd=9) > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used for NAT-T > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used as > isakmp port (fd=10) > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used for > NAT-T > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used as > isakmp port (fd=11) > Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used for > NAT-T > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pk_recv: retry[0] recv() > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: get pfkey X_SPDDUMP message > Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pfkey X_SPDDUMP failed: No > such file or directory > > A ping test from an SSH session on the soekris box to a host on the remote > network fails. Any idea what I am doing wrong? > > Tom Mazzotta, President | TITAN MICROSYSTEMS > > > > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > http://p.sf.net/sfu/devconf > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
