Mailinglist Archive: opensuse-security (300 mails)
Re: [suse-security] IP Tunnel in only one direction possible
- From: Thomas Kerkau <Thomas.Kerkau@xxxxxxxxxxxxxxx>
- Date: Wed, 23 Apr 2003 13:02:13 +0200
- Message-id: <3EA672B5.9308F1A3@xxxxxxxxxxxxxxx>
Hi Peter,
> |NET2 pings NET1: GW2(eth0) logs an icmp request ?
> on eth0:
> 9 7.631138 192.168.101.239 192.168.100.205 ICMP Echo
> (ping) request
The packet is entering GW2.
>
> 192.168.101.0/24 is net2 internal
> 192.168.100.0/24 is net1 internal
>
> on ipsec0:
> 3 1.694921 217.235.199.35 192.168.100.205 ICMP
> Echo (ping) request
The packet is leaving ipsec0
>
> on eth1:
> nothing--
>
> on ppp0
> nothing--
but not forwarded to ppp0/eth1. Just checked this on a 7.3, you will see
ESP packets on both. Hopefully this was not changed. Is ipsec0 bound to
eth1/ppp0 (interfaces directive in ipsec.conf)?
> Yes I forgot to paste in the reply. :)
> but basically ipsec0 looks different on both machines
>
> GW2:|> 10:21:04.305584 192.168.101.239 > 192.168.100.1: icmp: echo
> GW1:|> 08:51:05.057368 unknown ip 0
Are you sure that these entries are correlated? Do you see ESP packets
on the external interface of GW1?
My feeling at this point is that GW2 doesn't send any packet to GW1.
Check if "ipsec eroute" and "ipsec auto --status" show the correct
connections, and check "route".
Greetings, Thomas
--
www.ArcStyler.com - the Architectural IDE for MDA:J2EE/.NET/EAI
-> CyberOne Award
-> Winner Crossroads A-List Award USA
-> IBM Solution Excellence Award winner for Hot Java Solution
-> European Information Society Technologies Prize Winner
-> Made with ArcStyler: http://www.io-software.com/customers
-> OMG Press, John Wiley 2002 www.ConvergentArchitecture.com
----- < iO > ---------------------------------------------------------
Interactive Objects Software GmbH
mailto:Thomas.Kerkau@xxxxxxxxxxxxxxx
http://www.io-software.com
Basler Strasse 65, D-79100 Freiburg, Germany
Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
----------------------------------------------------------------------