I'm trying to set up a simple ipsec tunnel between two 10.2 boxes and I'm
running into problems. If I look at /var/log/messages I can see that my
tunnel has been established.
Feb 16 08:32:39 server-01 ipsec__plutorun: 004 "testlink" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x68ac18fd <0x69557d5b xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
But I can't ping the other side.
Here is a copy of my ipsec.conf file:
++++++++++++++++++++++++++++++++++++++++++++++++++++++
version 2.0

config setup
    plutowait=yes

conn %default

include /etc/ipsec.d/examples/no_oe.conf

conn testlink
    left=A.B.C.113
    leftnexthop=A.B.C.118
    leftsubnet=192.168.100.0/24
    leftrsasigkey=sAQN5Ze+hnho5repR4/NY3Fg8x5ghshIdc.... <trimmed>
    #
    right=X.Y.Z.61
    rightnexthop=X.Y.Z.57
    rightsubnet=192.168.200.0/24
    rightrsasigkey=0sAQPBqwAOBlFlRZsXiUlsE8vNHU3jrT.... <trimmed>
    #
    authby=rsasig
    auto=start
++++++++++++++++++++++++++++++++++++++++++++++++++++++
I have ipsec enabled in SuSE firewall.
To forward packets back and forth, I have added the strings
192.168.100.0/24,192.168.200.0/24,,,ipsec
192.168.200.0/24,192.168.100.0/24,,,ipsec
to FW_FORWARD in sysconfig.
A.B.C.113's route looks like:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
A.B.C.112       0.0.0.0         255.255.255.248 U     0      0   0   eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.200.0   A.B.C.118       255.255.255.0   UG    0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         A.B.C.118       0.0.0.0         UG    0      0   0   eth0
X.Y.Z.61's route looks like:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
X.Y.Z.56        0.0.0.0         255.255.255.248 U     0      0   0   eth1
192.168.100.0   X.Y.Z.57        255.255.255.0   UG    0      0   0   eth1
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         X.Y.Z.57        0.0.0.0         UG    0      0   0   eth1
Is there something else I'm missing?
TIA,
Ken