Mailinglist Archive: opensuse-security (300 mails)
Re: [suse-security] IP Tunnel in only one direction possible
- From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: 23 Apr 2003 13:10:23 +0200
- Message-id: <1051096222.15726.36.camel@xxxxxxxxxxxxxxxxx>
Also, make sure forwarding is turned on for that interface.
On Wed, 2003-04-23 at 13:02, Thomas Kerkau wrote:
> Hi Peter,
>
>
> > |NET2 pings NET1: GW2(eth0) logs an icmp request ?
> > on eth0:
> > 9 7.631138 192.168.101.239 192.168.100.205 ICMP Echo
> > (ping) request
>
> the packet is entering GW2.
>
> >
> > 192.168.101.0/24 is net2 internal
> > 192.168.100.0/24 is net1 internal
> >
> > on ipsec0:
> > 3 1.694921 217.235.199.35 192.168.100.205 ICMP
> > Echo (ping) request
>
> the packet is leaving ipsec0
>
> >
> > on eth1:
> > nothing--
> >
> > on ppp0
> > nothing--
>
> but not forwarded to ppp0/eth1. Just checked this on a 7.3, you will see
> ESP packets on both. Hopefully this was not changed. Is ipsec0 bound to
> eth1/ppp0 (interfaces directive in ipsec.conf)?
>
> > Yes I forgot to paste in the reply. :)
> > but basically ipsec0 looks different on both machines
> >
> > GW2:|> 10:21:04.305584 192.168.101.239 > 192.168.100.1: icmp: echo
> > GW1:|> 08:51:05.057368 unknown ip 0
>
> Are you sure that these entries are correlated? Do you see ESP packets
> on the external interface of GW1?
>
> My feeling at this point is that GW2 doesn't send any packet to GW1.
> Check if "ipsec eroute" and "ipsec auto --status" show the correct
> connections, and check "route".
>
> Greetings, Thomas
>
>
> --
> www.ArcStyler.com - the Architectural IDE for MDA:J2EE/.NET/EAI
> -> CyberOne Award
> -> Winner Crossroads A-List Award USA
> -> IBM Solution Excellence Award winner for Hot Java Solution
> -> European Information Society Technologies Prize Winner
> -> Made with ArcStyler: http://www.io-software.com/customers
> -> OMG Press, John Wiley 2002 www.ConvergentArchitecture.com
>
> ----- < iO > ---------------------------------------------------------
> Interactive Objects Software GmbH
> mailto:Thomas.Kerkau@xxxxxxxxxxxxxxx
> http://www.io-software.com
> Basler Strasse 65, D-79100 Freiburg, Germany
> Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
> ----------------------------------------------------------------------
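
The forwarding check suggested at the top of this mail, as an added example that is not part of the original messages: a POSIX shell function that reads the kernel's IPv4 forwarding flags for the interfaces named in the thread. The function names, the proc-root argument and the sample tree are assumptions made for illustration; on a live gateway pass /proc as the root.

```shell
#!/bin/sh
# Added example (not from the thread): report the IPv4 forwarding state of a
# gateway. $1 is the proc root (/proc on a live system), the rest are interfaces.

check_forwarding() {
    root=$1; shift
    rc=0
    # Global switch.
    if [ "$(cat "$root/sys/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]; then
        echo "ip_forward: on"
    else
        echo "ip_forward: OFF"; rc=1
    fi
    # Per-interface flag: governs packets received on that interface.
    for ifc in "$@"; do
        f="$root/sys/net/ipv4/conf/$ifc/forwarding"
        if [ ! -r "$f" ]; then
            echo "$ifc: not present"; rc=1
        elif [ "$(cat "$f")" = "1" ]; then
            echo "$ifc: forwarding on"
        else
            echo "$ifc: forwarding OFF"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree (hypothetical state, not the real settings of GW2):
# forwarding on globally and for eth0/ipsec0, off for ppp0.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4/conf"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    for pair in eth0:1 ipsec0:1 ppp0:0; do
        mkdir -p "$d/sys/net/ipv4/conf/${pair%%:*}"
        echo "${pair##*:}" > "$d/sys/net/ipv4/conf/${pair%%:*}/forwarding"
    done
    echo "$d"
}

# Demo on the constructed tree; replace "$t" with /proc on a real gateway.
t=$(make_sample_tree)
check_forwarding "$t" eth0 ipsec0 ppp0 || echo "=> at least one interface would not forward"
rm -rf "$t"
```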