I am trying to establish a VPN tunnel between a remote Internet-attached PC (RoadWarrior) and the masqueraded private network (192.168.1.0) on my LRP (Charles Steinkuehler's Eigerstein modified for ipsec 1.5).
The RoadWarrior is using PGPnet configured according to the instructions given in "Ipsec practical configurations for Linux Freeswan 1.X." by Jean-Francois Nadeau (http://jixen.tripod.com).
PGPnet indicates a valid connection (SA) is established; however, I cannot transmit in either direction (i.e. "pings" in either direction fail).
On the LRP side, Ipsec appears to create valid bi-directional forwarding rules after the connection is established as indicated by "ipchains -L forward -n":
Chain forward (policy DENY):
target
ACCEPT
ACCEPT
DENY
MASQ
DENY
My /etc/ipsec.conf is:
config setup
conn %default
conn vpntest
My modifications to /etc/ipfilter.conf (near the end of the script) are:
$IPCH -I input -j ACCEPT -p udp -s 0/0 500 -d $EXTERN_IP 500 -i $EXTERN_IF
$IPCH -I output -j ACCEPT -p udp -s $EXTERN_IP 500 -d 0/0 500 -i $EXTERN_IF
$IPCH -I input -j ACCEPT -p 50 -s 0/0 -d $EXTERN_IP -i $EXTERN_IF
$IPCH -I output -j ACCEPT -p 50 -s $EXTERN_IP -d 0/0 -i $EXTERN_IF
$IPCH -I input -j ACCEPT -p 51 -s 0/0 -d $EXTERN_IP -i $EXTERN_IF
$IPCH -I output -j ACCEPT -p 51 -s $EXTERN_IP -d 0/0 -i $EXTERN_IF
I would appreciate any ideas on how to solve my problem.
Phil Faris
