Hi Peter,

this might be due to your iptables configuration. It is unlikely to be due to your ipsec or routing config, because it works in one direction. I would try to take down iptables, if possible. This is not secure but a quick test. Maybe you could take a look at your iptables configuration first, and compare FW1 and FW2, keeping in mind that FW2 has an external ethX and a pppX interface.

Some further ideas: Maybe you could try to use tcpdump on FW2, looking for the packets from Net2, or enable logging for all packets with iptables.

Hope this helps a little, but it is very difficult to guess what might be wrong,

Thomas

I have a big problem, that today the VPN tunnel is only usable in one direction.
NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2)
I can ping from NET1 to NET2 and get replies. (I can also use various other things like pcanywhere, file access to the PCs on NET2, ...)
I cannot ping from NET2 to NET1. There is nothing in the logfiles. I can only see in the interface statistics that the 4 ping packets are dropped.
I use on both sides: Freeswan 1.98b, iptables, Suse Linux 8.0
FW1: static IP addresses, SDSL connection
FW2: dynamic IP addresses, SDSL PPPoE connection
I'm really stuck and help will be appreciated.
Thanks
Peter
--
Interactive Objects Software GmbH
mailto:Thomas.Kerkau@io-software.com
http://www.io-software.com
Basler Strasse 65, D-79100 Freiburg, Germany
Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
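
One way to do the FW1/FW2 rule comparison suggested in the reply, as an added example that is not part of the original mails: map each gateway's external interface name to a common placeholder, then list the rules that exist on only one side. The two `iptables-save` dumps, the interface names (eth0, eth1, ppp0, ipsec0) and the function names are constructed for illustration and are not Peter's configuration.

```shell
#!/bin/sh
# Constructed sample dumps (iptables-save format); not taken from the thread.
FW1_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth1 -p esp -j ACCEPT
-A FORWARD -i ipsec0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ipsec0 -j ACCEPT
COMMIT'

FW2_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i ppp0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i ppp0 -p esp -j ACCEPT
-A FORWARD -i ipsec0 -o eth0 -j ACCEPT
COMMIT'

# normalize_rules EXT_IF < dump
# Keep only rule lines (-A ...), rewrite "-i/-o EXT_IF" to "-i/-o EXT" so that
# ethX on one gateway and pppX on the other compare as equal, then sort.
normalize_rules() {
    nr_ext="$1"
    grep '^-A ' | sed -E "s/(-[io]) ${nr_ext}( |\$)/\1 EXT\2/g" | LC_ALL=C sort -u
}

# rules_only_in_first DUMP_A EXT_A DUMP_B EXT_B
# Print normalized rules present in DUMP_A but missing from DUMP_B.
rules_only_in_first() {
    ro_a=$(mktemp) && ro_b=$(mktemp) || return 1
    printf '%s\n' "$1" | normalize_rules "$2" > "$ro_a"
    printf '%s\n' "$3" | normalize_rules "$4" > "$ro_b"
    LC_ALL=C comm -23 "$ro_a" "$ro_b"
    rm -f "$ro_a" "$ro_b"
}

echo "Rules on FW1 with no counterpart on FW2:"
rules_only_in_first "$FW1_DUMP" eth1 "$FW2_DUMP" ppp0
echo "Rules on FW2 with no counterpart on FW1:"
rules_only_in_first "$FW2_DUMP" ppp0 "$FW1_DUMP" eth1
```

On the real gateways the two dumps would come from running `iptables-save` on each firewall; a rule reported on only one side is a candidate to check, not proof of the cause.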