Hi folks,
I recognize a problem at my side. You meant "strange routing". Now I see what you mean. The IPs of the first GW on eth0 must be 192.168.200.1 and the IP on the eth1 of the second GW must be 192.168.100.1. Now I see my fault. The IPs on the boxes were set the way I told you in the sentence before.
By the way, I had a look at /var/log/messages and saw the message IPSec SA established, and tcpdump tells me that UDP:500-->500 packets are going through the router (ip-proto-50).
Best regards,
Stefan Walther
stefan_walther@gehag-dsk.de
work: +4930/89786448
mobile: +49172/3943961

----- Forwarded by Stefan Walther/GEHAG DSK GmbH on 01.09.2001 16:41 -----
hi folks,
I have the following problem. I have an established IPSec-tunnel between 2 boxes.
I'm using SuSE7.1 and FreeS/WAN 1.91. The FreeS/WAN tells me that the tunnel is established (last message in /var/log/messages).
My configuration is the following:
1st client-----1st-FreeS/WAN-gateway----ROUTER----2nd-FreeS/WAN-gateway------2nd-client
eth0--------------eth0------eth1----eth1-eth0----eth0--------eth1------eth0
!Every box is a linux box!
The 1st client has the following config: RedHat7.1, IP: 192.168.200.2
The 1st FreeS/WAN-gateway config is: SuSE 7.1, kernel 2.4.7, eth0: 192.168.100.1, eth1: 172.16.100.1, IP-forwarding without masquerading
The Router has the following config: SuSE7.1, kernel 2.4.7, eth1: 172.16.100.2, eth0: 10.16.100.2, IP-forwarding without masquerading
The 2nd FreeS/WAN-gateway config is: SuSE7.1, kernel 2.4.7, eth0: 10.16.100.1, eth1: 192.168.200.1, IP-forwarding without masquerading
The 2nd client has the following config: Windows2000, eth (seems to be a little bit stupid): 192.168.100.2
Every netmask is 255.255.255.0;
If I start ipsec via ipsec start at the shell, no error (except the IPv6-bind error) occurred. Before starting IPSec, the routes that let the clients ping each other are set by hand. FreeS/WAN sets the routes to the ipsec0 interface.
After starting, you cannot ping anymore from the 1st client to the 2nd client and the other way around. Does anybody know a solution for this problem???
THX
Best regards,
Stefan Walther
stefan_walther@gehag-dsk.de
work: +4930/89786448
mobile: +49172/3943961
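
The addressing fault described in the follow-up can be checked mechanically before bringing a tunnel up. The following is an added example, not part of the original messages; it uses only the addresses and the /24 netmask given in the post, and the link labels and function names are assumptions made for illustration.

```python
import ipaddress

PREFIX = 24  # the post states that every netmask is 255.255.255.0

def topology(gw1_inner, gw2_inner):
    """Links of the chain from the post, left to right, as (label, ip_a, ip_b)."""
    return [
        ("client1 <-> gw1 eth0", "192.168.200.2", gw1_inner),
        ("gw1 eth1 <-> router eth1", "172.16.100.1", "172.16.100.2"),
        ("router eth0 <-> gw2 eth0", "10.16.100.2", "10.16.100.1"),
        ("gw2 eth1 <-> client2", gw2_inner, "192.168.100.2"),
    ]

# Inner gateway addresses as first posted, and as corrected in the follow-up.
AS_POSTED = topology("192.168.100.1", "192.168.200.1")
CORRECTED = topology("192.168.200.1", "192.168.100.1")

def network_of(ip):
    """Network that an address belongs to under the shared /24 mask."""
    return ipaddress.ip_interface(f"{ip}/{PREFIX}").network

def mismatched_links(links):
    """Labels of links whose two ends are not in the same subnet."""
    return [label for label, a, b in links if network_of(a) != network_of(b)]

def local_gateway(client_ip, links):
    """Gateway whose inner interface shares a subnet with client_ip, or None."""
    inner = {"gw1": links[0][2], "gw2": links[-1][1]}
    for gateway, ip in inner.items():
        if network_of(ip) == network_of(client_ip):
            return gateway
    return None

if __name__ == "__main__":
    for name, links in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name)
        for label in mismatched_links(links):
            print("  ends in different subnets:", label)
        for client in ("192.168.200.2", "192.168.100.2"):
            print(f"  {client} is on-link with", local_gateway(client, links))
```

With the addresses as first posted, each client shares a subnet only with the far gateway's inner interface, so the subnets the tunnel protects do not match the hosts actually attached to each side.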