| the_jaymz |
05-03-2006 12:22 PM |
OpenSWAN and IPTables
I'm trying to setup a VPN between my FC5 server and a friend's Kubuntu server. Both machines act as the firewall/gateway for their LANs. The network is setup like this:
192.168.1.0/24<--->192.168.1.1|My FC5 Server|68.63.78.xxx<--->68.63.31.xxx|Friend's Kubuntu Server|192.168.2.1<--->192.168.2.0/24
We're using OpenSwan. Here are the results of "ipsec auto --status"
Code:
[root@JMH-LINUX ~]# ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 192.168.1.1
000 interface eth1/eth1 192.168.1.1
000 interface eth0/eth0 68.63.78.xxx
000 interface eth0/eth0 68.63.78.xxx
000 %myid = (none)
000 debug none
<--SNIP-->
000 "net-to-net": 192.168.1.0/24===68.63.78.xxx---68.63.78.129...68.63.78.129---68.63.31.xxx===192.168.2.0/24; erouted; eroute owner: #29
000 "net-to-net": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "net-to-net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "net-to-net": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "net-to-net": newest ISAKMP SA: #36; newest IPsec SA: #29;
000 "net-to-net": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000
000 #35: "net-to-net":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 396s; lastdpd=-1s(seq in:0 out:0)
000 #29: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 9922s; newest IPSEC; eroute owner
000 #29: "net-to-net" esp.8b0eb98c@68.63.31.xxx esp.4577e49a@68.63.78.xxx tun.0@68.63.31.xxx tun.0@68.63.78.xxx
000 #36: "net-to-net":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3226s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
[root@JMH-LINUX ~]#
It looks like the VPN is up, but we can't ping anything across it or do anything else across it for that matter. Do we need to change IP tables or something?
Thanks |
