Noon,
Both ends of the VPN are configured as follows:
- Suse 10.1 - Openswan 2.4.4
- Debian 4.0 - Openswan 2.4.6
The Suse end also has VPNs with 2 other places, and the VPNs for those places work fine (both of them are also Suse 10.1 with Openswan 2.4).
The VPN between the Suse and Debian ends only works in one direction (the Suse side can access anything on the Debian side, but not the opposite).
The connection config in both ipsec.conf files is as follows:
Debian (right):

    conn X
        left=x.x.x.x
        leftsubnet=192.168.0.0/23
        leftnexthop=%defaultroute
        leftrsasigkey=xxxxx...
        right=y.y.y.y
        rightsubnet=192.168.7.0/24
        rightnexthop=%defaultroute
        rightrsasigkey=yyyyy...
        auto=start

Suse (left):

    conn X
        left=x.x.x.x
        leftsubnet=192.168.0.0/23
        leftnexthop=%defaultroute
        leftrsasigkey=xxxxx...
        right=y.y.y.y
        rightsubnet=192.168.7.0/24
        rightnexthop=%defaultroute
        rightrsasigkey=yyyyy...
        auto=add

ipsec verify for both ends:
Debian:

    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.4.6/K2.6.18-5-486 (netkey)
    Checking for IPsec support in kernel [OK]
    NETKEY detected, testing for disabled ICMP send_redirects [OK]
    NETKEY detected, testing for disabled ICMP accept_redirects [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking NAT and MASQUERADEing
    Checking for 'ip' command [OK]
    Checking for 'iptables' command [OK]
    Opportunistic Encryption Support [DISABLED]

Suse:

    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.4.4/K2.6.16.21-0.25-smp (netkey)
    Checking for IPsec support in kernel [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking NAT and MASQUERADEing
    Checking for 'ip' command [OK]
    Checking for 'iptables' command [OK]
    Checking for 'curl' command for CRL fetching [OK]
    Checking for 'setkey' command for NETKEY IPsec stack support [OK]
    Opportunistic Encryption Support [DISABLED]

The VPN has been established (the proof being that the left end can access everything in the right end, and if I kill the IPsec daemon, the connection is killed) and everything seems just fine.
I already removed Openswan and installed it again on Debian, and got the same result, even with a different key.
Please, I need help with this urgently.
Thank you very much