Pinging problem with IPsec
Hello
My configuration details and firewall details are as follows...
left - left subnet - left live IP <==> right (ppp0) live IP - right subnet - right
192.168.100.200 - 192.168.100.0/24 - 219.64.85.10 <==> 123.201.5.65 - 192.168.0.0/24 - 192.168.0.10
===============================================================================
SYSTEM CONFIGURATION
BOTH SIDES RH9 - Kernel 2.4.20-8
IPSEC/OPENSWAN - Linux Openswan U2.4.4/K2.06 (klips)
RPMs I HAVE INSTALLED...
1] openswan-2.4.4-1
2] openswan-klips-2.4.4-2.4.20_43.9.legacy_1
3] freeswan-module-2.06_2.4.20_8-0 (installed for ipsec.o kernel module)
===============================================================================
LEFT Configuration (SERVER)
conn net-to-net
        left=219.64.85.10            # public Internet IP for left side
        leftsubnet=192.168.100.0/24  # subnet protected by the left VPN gateway
        leftid=@linux1
        leftrsasigkey=0sAQNk.............
        leftnexthop=123.201.5.65
        right=123.201.5.65
        rightsubnet=192.168.0.0/24
        rightid=@linux0
        rightrsasigkey=0sAQOiaf..........
        rightnexthop=219.64.85.10
        auto=start
===============================================================================
RIGHT Configuration (CLIENT)
conn net-to-net
        left=123.201.5.65
        leftsubnet=192.168.0.0/24
        leftid=@linux0
        leftrsasigkey=0sAQOiafvKZ....
        leftnexthop=219.64.85.10
        right=219.64.85.10            # public Internet IP of the server (the "left" side in the server's config)
        rightsubnet=192.168.100.0/24  # subnet protected by the server-side VPN gateway
        rightid=@linux1
        rightrsasigkey=0sAQNkqNYE......
        rightnexthop=123.201.5.65
        auto=start
===============================================================================
AND THE FIREWALL CONFIGURATION IS AS FOLLOWS.....
===============================================================================
# (earlier policy block, left commented out)
#iptables -P OUTPUT DROP
#iptables -P INPUT DROP
#iptables -P FORWARD DROP
#iptables -F
# Set default policies
#iptables -P OUTPUT ACCEPT
#iptables -P INPUT DROP
#iptables -P FORWARD DROP
# Allow services such as www and ssh (can be disabled)
# Gateway public IPs and the two protected subnets referenced by the rules below
RMT_IPSEC_IP=219.64.85.10
LCL_IPSEC_IP=123.201.5.65
MY_NETWORK=192.168.100.0/24
RM_NETWORK=192.168.0.0/24
#Firewall configuration to allow IPSec traffic to pass from a remote IPSec
#server (219.64.85.229: Tata) to our local IPSec Server (IQURA: 123.201.17.180)
# IKE (udp/500), NAT-T (udp/4500), AH and ESP between the two gateways, inserted in the FORWARD chain
iptables -I FORWARD -s $RMT_IPSEC_IP -d $LCL_IPSEC_IP -p udp --dport 500 -j ACCEPT
iptables -I FORWARD -s $LCL_IPSEC_IP -d $RMT_IPSEC_IP -p udp --dport 500 -j ACCEPT
iptables -I FORWARD -s $RMT_IPSEC_IP -d $LCL_IPSEC_IP -p udp --dport 4500 -j ACCEPT
iptables -I FORWARD -s $LCL_IPSEC_IP -d $RMT_IPSEC_IP -p udp --dport 4500 -j ACCEPT
iptables -I FORWARD -s $RMT_IPSEC_IP -d $LCL_IPSEC_IP -p ah -j ACCEPT
iptables -I FORWARD -s $LCL_IPSEC_IP -d $RMT_IPSEC_IP -p ah -j ACCEPT
iptables -I FORWARD -s $RMT_IPSEC_IP -d $LCL_IPSEC_IP -p esp -j ACCEPT
iptables -I FORWARD -s $LCL_IPSEC_IP -d $RMT_IPSEC_IP -p esp -j ACCEPT
# Masquerade LAN traffic that is not bound for the remote subnet (old "-d !" negation syntax of this iptables version)
iptables -t nat -I POSTROUTING -s $MY_NETWORK -d ! $RM_NETWORK -o eth1 -j MASQUERADE
# Accept all ICMP types addressed to the gateway itself
iptables -A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
# Decrypted traffic arriving from the KLIPS tunnel interface; POP3 is allowed from ipsec0 but dropped from eth0
iptables -I FORWARD -i ipsec0 -j ACCEPT
iptables -I FORWARD -i ipsec0 -p tcp --dport 110 -j ACCEPT
iptables -I FORWARD -i eth0 -p tcp --dport 110 -j DROP
# Mark ESP packets arriving on eth1; the following rules accept POP3 only when that mark is present
iptables -t mangle -A PREROUTING -i eth1 -p esp -j MARK --set-mark 1
iptables -I INPUT -i eth1 -m mark --mark 1 -p tcp --dport 110 -j ACCEPT
iptables -I FORWARD -i eth1 -m mark --mark 1 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 110 -j DROP
# Enable IP forwarding on the gateway
echo "1" > /proc/sys/net/ipv4/ip_forward
===============================================================================
Help me out, please.
I have tried a lot.
I have been able to bring up the tunnel but am unable to ping each other's network. Maybe there is a mistake in the firewall, the routing or the configuration.
Any good suggestion is appreciated....
Thanks in advance
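As an added example (not part of the original post or of Openswan): a small POSIX shell audit that checks an iptables rule list for the four flows a KLIPS gateway needs so that subnet-to-subnet pings can pass. The `RULES` sample is constructed from a reduced copy of the script above, and `accepts`/`audit_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Audit an iptables rule list for the flows a KLIPS IPsec gateway needs.
# Hypothetical helper written for this thread, not code from the post.
# RULES: constructed sample, reduced from the posted firewall script.
RULES='iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -I FORWARD -s 219.64.85.10 -d 123.201.5.65 -p udp --dport 500 -j ACCEPT
iptables -I FORWARD -s 219.64.85.10 -d 123.201.5.65 -p esp -j ACCEPT
iptables -I FORWARD -i ipsec0 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT'

# accepts CHAIN MATCH: true if CHAIN holds an ACCEPT rule whose text contains MATCH
# (fixed-string matching; "-P CHAIN" policy lines are deliberately not matched)
accepts() {
    printf '%s\n' "$RULES" | grep -F -e "-I $1 " -e "-A $1 " \
        | grep -F -e "$2" | grep -q -F -e '-j ACCEPT'
}

# audit_rules: print one line per missing flow; status 0 only when nothing is missing
audit_rules() {
    missing=0
    # IKE and ESP are addressed to the gateway itself, so they traverse INPUT
    # (and OUTPUT), never FORWARD; with policy DROP, FORWARD-only rules do not help.
    accepts INPUT '--dport 500' || { echo 'INPUT: IKE udp/500 not accepted'; missing=$((missing+1)); }
    accepts INPUT '-p esp'      || { echo 'INPUT: ESP not accepted'; missing=$((missing+1)); }
    # Decrypted packets arrive on ipsec0 and are forwarded to the local LAN.
    accepts FORWARD '-i ipsec0' || { echo 'FORWARD: traffic from ipsec0 not accepted'; missing=$((missing+1)); }
    # Cleartext LAN packets for the far subnet are forwarded OUT of ipsec0;
    # with policy DROP and no "-o ipsec0" rule they never reach the tunnel.
    accepts FORWARD '-o ipsec0' || { echo 'FORWARD: traffic to ipsec0 not accepted'; missing=$((missing+1)); }
    [ "$missing" -eq 0 ]
}

if audit_rules; then
    echo 'all required IPsec flows are accepted'
else
    echo 'rule set is missing flows listed above'
fi
```

Replace the `RULES` sample with the output of your own script (or `iptables-save`-style lines rewritten as commands) to audit a live gateway.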