Gianni Socionovo wrote:
> Hello guys,
> 
> I am a newbie with Openswan, and a support service asked me to create a
> VPN connection with them using only public IP addresses.
> 
> So I have been trying for several days to establish the following
> connection (in a simulated network environment):
> 
> left subnet       ---> left VPN gw    ---> right VPN gw   ---> right subnet
> 88.xxx.yyy.abc/32 ---> 88.xxx.yyy.rst ---> 85.ttt.www.npq ---> 85.ttt.www.def/32
> 
> where
> 
> 88.xxx.yyy is the same subnet for VPN gw and left subnet, and the same is
> true for 85.ttt.www.
> 
> Left and right subnets have 88.xxx.yyy.rst and 85.ttt.www.npq as their own
> network gateways respectively.
> 
> Both VPN gateways, in the simulated network environment, have Openswan
> 2.49 on Linux kernel 2.6.24-19 and Shorewall 4.0.6 single interface as
> firewall.
> The two subnet hosts have Linux kernel 2.6.24-19 and Shorewall 4.0.6
> single interface as firewall.
> 
> I can establish the VPN connection between the gateways, as shown by this
> message:
> 
> ipsec auto --status
> ....
> r...@rightvpngw:~#  #428: "VpnTest":500 STATE_QUICK_R2 (IPsec SA
> established); EVENT_SA_REPLACE in 1256s; newest IPSEC; eroute owner
> 000 #428: "VpnTest" [email protected]
> [email protected] [email protected] [email protected]
> 000 #426: "VpnTest":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
> EVENT_SA_REPLACE in 826s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
> r...@rightvpngw:~# 000 #428: "VpnTest" [email protected]
> [email protected] [email protected] [email protected]
> 
> but it seems I cannot reach the two hosts in the subnets.
> 
> I checked the firewall and I found no reject or drop messages, so I think
> it is a routing problem.
> 
> Can anyone help me ASAP?

I can give you several bits of advice:

a) Get everything working before adding Shorewall. You can 'shorewall
clear' until you have IPSEC working correctly. That way you know that
the firewall is not causing any problems.

b) Post on this list only when you have IPSEC working but when you start
Shorewall, things stop working. Then you know that you have a Shorewall
problem and we will be happy to help.

c) Beginning with Kernel 2.6 and the PF_KEY implementation, IPSEC works
IN PARALLEL with routing. So it is very doubtful that you have a
'routing problem' and much more likely that you have an 'OpenSwan
configuration problem'.

d) If you do need to post here again, please follow the problem
reporting guidelines at http://www.shorewall.net/support.htm.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
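
An added example, not part of either message: with the native 2.6 kernel IPsec stack, the policies that select traffic for the tunnel can be listed with `ip xfrm policy`, and this sketch parses that output to show which policy directions cover a given host pair. The sample text and its documentation-range addresses are constructed stand-ins for the masked hosts above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `ip xfrm policy` output as it might look on one gateway.
# Addresses are documentation ranges, not the poster's hosts.
SAMPLE_XFRM_POLICY = (
    "src 192.0.2.10/32 dst 198.51.100.20/32\n"
    "\tdir out priority 2080\n"
    "\ttmpl src 192.0.2.1 dst 198.51.100.1\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
    "src 198.51.100.20/32 dst 192.0.2.10/32\n"
    "\tdir fwd priority 2080\n"
    "\ttmpl src 198.51.100.1 dst 192.0.2.1\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
    "src 198.51.100.20/32 dst 192.0.2.10/32\n"
    "\tdir in priority 2080\n"
    "\ttmpl src 198.51.100.1 dst 192.0.2.1\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
)

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIRECTION = re.compile(r"^\s+dir (\w+)")


def parse_policies(text):
    """Return [(src_net, dst_net, direction), ...] from `ip xfrm policy` text."""
    policies = []
    for line in text.splitlines():
        sel, direction = SELECTOR.match(line), DIRECTION.match(line)
        if sel:  # an unindented selector line starts a new policy
            policies.append([ipaddress.ip_network(sel.group(1), strict=False),
                             ipaddress.ip_network(sel.group(2), strict=False),
                             None])
        elif direction and policies and policies[-1][2] is None:
            policies[-1][2] = direction.group(1)
    return [tuple(p) for p in policies]


def matching_directions(policies, src, dst):
    """Directions (out/fwd/in) whose selector covers a src -> dst packet.

    An empty set means no IPsec policy selects the packet at all.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return {pdir for psrc, pdst, pdir in policies if s in psrc and d in pdst}
```

On a live gateway the same functions can be fed the captured output of `ip xfrm policy`; a host pair that returns an empty set is not covered by the tunnel's selectors.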
