05-03-2006, 01:22 PM   #1
the_jaymz
OpenSWAN and IPTables


I'm trying to set up a VPN between my FC5 server and a friend's Kubuntu server. Both machines act as the firewall/gateway for their LANs. The network is set up like this:
192.168.1.0/24<--->192.168.1.1|My FC5 Server|68.63.78.xxx<--->68.63.31.xxx|Friend's Kubuntu Server|192.168.2.1<--->192.168.2.0/24

We're using OpenSwan. Here are the results of "ipsec auto --status"
Code:
[root@JMH-LINUX ~]# ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 192.168.1.1
000 interface eth1/eth1 192.168.1.1
000 interface eth0/eth0 68.63.78.xxx
000 interface eth0/eth0 68.63.78.xxx
000 %myid = (none)
000 debug none
<--SNIP-->
000 "net-to-net": 192.168.1.0/24===68.63.78.xxx---68.63.78.129...68.63.78.129---68.63.31.xxx===192.168.2.0/24; erouted; eroute owner: #29
000 "net-to-net":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "net-to-net":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "net-to-net":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "net-to-net":   newest ISAKMP SA: #36; newest IPsec SA: #29;
000 "net-to-net":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000
000 #35: "net-to-net":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 396s; lastdpd=-1s(seq in:0 out:0)
000 #29: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 9922s; newest IPSEC; eroute owner
000 #29: "net-to-net" esp.8b0eb98c@68.63.31.xxx esp.4577e49a@68.63.78.xxx tun.0@68.63.31.xxx tun.0@68.63.78.xxx
000 #36: "net-to-net":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3226s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
[root@JMH-LINUX ~]#

It looks like the VPN is up, but we can't ping anything across it or do anything else across it for that matter. Do we need to change IP tables or something?
Thanks
 
05-03-2006, 02:48 PM   #2
the_jaymz
Is no one able to help me? Could I post more information that would help?
 
03-06-2007, 04:16 AM   #3
muha
A bit late, but: I'd like to see your /etc/ipsec.conf
I think there might be a problem with it.
 
  

