IP Tunnel in only one direction possible
Hello everyone,

I have a big problem: as of today, the VPN tunnel is only usable in one direction.

NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2)

I can ping from NET1 to NET2 and get replies. (I can also use various other things like pcAnywhere, file access to the PCs on NET2, ...)

I cannot ping from NET2 to NET1. There is nothing in the log files. I can only see in the interface statistics that the 4 ping packets are dropped.

I use on both sides: FreeS/WAN 1.98b, iptables, SuSE Linux 8.0

FW1: static IP addresses, SDSL connection
FW2: dynamic IP addresses, SDSL PPPoE connection

I'm really stuck and help will be appreciated.

Thanks
Peter
Hi Peter,

This might be due to your iptables configuration. It is unlikely to be due to your IPsec or routing config, because it works in one direction. I would try to take down iptables, if possible. This is not secure, but a quick test. Maybe take a look at your iptables configuration first, and compare FW1 and FW2, keeping in mind that FW2 has an external ethX and a pppX interface.

Some further ideas: maybe try using tcpdump on FW2, looking for the packets from NET2, or enable logging for all packets with iptables.

Hope this helps a little, but it is very difficult to guess what might be wrong.

Thomas
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- www.ArcStyler.com - the Architectural IDE for MDA:J2EE/.NET/EAI -> CyberOne Award -> Winner Crossroads A-List Award USA -> IBM Solution Excellence Award winner for Hot Java Solution -> European Information Society Technologies Prize Winner -> Made with ArcStyler: http://www.io-software.com/customers -> OMG Press, John Wiley 2002 www.ConvergentArchitecture.com ----- < iO > --------------------------------------------------------- Interactive Objects Software GmbH mailto:Thomas.Kerkau@io-software.com http://www.io-software.com Basler Strasse 65, D-79100 Freiburg, Germany Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73 ----------------------------------------------------------------------
Hi,

The fact that you can use pcAnywhere from NET1 to NET2 requires traffic flow in both directions, right? So the problem is not likely to be routing, but probably something like a stray PREROUTING/POSTROUTING rule.

Ray

On Wed, 2003-04-23 at 09:06, Thomas Kerkau wrote:
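Thomas's suggestion to compare the iptables configuration of FW1 and FW2, and Peter's observation that the packets vanish without a log entry, both come down to one question: which FORWARD rule (or chain policy) does a NET2-to-NET1 packet hit on each gateway? The script below is an added example for this thread, not code from any of the posts. It parses the filter table of two constructed `iptables-save` dumps and traces a forwarded packet through the FORWARD chain of each. The dumps, addresses (192.168.1.0/24 for NET1, 192.168.2.0/24 for NET2) and interface names (eth0 = LAN, eth1 = FW1 uplink, ppp0 = FW2 uplink, ipsec0 = the FreeS/WAN KLIPS virtual interface on which decrypted packets arrive and through which packets to be encrypted are routed) are all assumptions. The evaluator handles `-i/-o/-s/-d/-p`, `-m state --state`, `LOG` and chain policies only; it ignores the nat table, user-defined chains and `!` negation, so Ray's PREROUTING/POSTROUTING hint still has to be checked by hand.

```python
"""Trace a packet through the FORWARD chain of an iptables-save dump.

Added example for the thread above, not code from any of the posts. All
dumps, addresses and interface names are constructed/assumed.
"""
import ipaddress
import shlex

# Constructed dump for FW1: both tunnel directions are allowed and a LOG rule
# precedes the DROP policy, so unexpected drops show up in syslog.
FW1_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o ipsec0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
-A FORWARD -i ipsec0 -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
"""

# Constructed dump for FW2: the eth0 -> ipsec0 rule is missing and there is no
# LOG rule, so NET2 -> NET1 traffic dies on the chain policy without a trace.
FW2_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ipsec0 -o eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
COMMIT
"""

OPTS = {"-i": "in_if", "-o": "out_if", "-s": "src", "-d": "dst",
        "-p": "proto", "-j": "target"}


def parse_filter(save_text):
    """Return (chain policies, rule list) for the filter table of a dump."""
    policies, rules, in_filter = {}, [], False
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
            continue
        if not in_filter or not line or line[0] == "#" or line == "COMMIT":
            continue
        if line[0] == ":":                      # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        toks = shlex.split(line)                # keeps the quoted log prefix whole
        if toks[0] != "-A":
            continue
        rule = {"chain": toks[1], "text": line}
        i = 2
        while i < len(toks):                    # every supported option takes one argument
            opt, arg = toks[i], toks[i + 1]
            if opt in OPTS:
                rule[OPTS[opt]] = arg
            elif opt == "--state":
                rule["state"] = set(arg.split(","))
            elif opt not in ("-m", "--log-prefix"):
                raise ValueError("unsupported option %s in: %s" % (opt, line))
            i += 2
        rules.append(rule)
    return policies, rules


def matches(rule, pkt):
    """True if every selector present in the rule matches the packet."""
    for key in ("in_if", "out_if", "proto"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in \
                ipaddress.ip_network(rule[key], strict=False):
            return False
    return "state" not in rule or pkt["state"] in rule["state"]


def trace(save_text, pkt, chain="FORWARD"):
    """Walk the chain; report verdict, deciding rule, and whether LOG fired.
    LOG is non-terminating, so the walk continues after it."""
    policies, rules = parse_filter(save_text)
    logged = False
    for rule in rules:
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        if rule["target"] == "LOG":
            logged = True
            continue
        return {"verdict": rule["target"], "rule": rule["text"], "logged": logged}
    return {"verdict": policies[chain], "rule": "chain policy", "logged": logged}


def ping(src, dst, in_if, out_if):
    """First packet of an echo request as a gateway's FORWARD chain sees it."""
    return {"src": src, "dst": dst, "in_if": in_if, "out_if": out_if,
            "proto": "icmp", "state": "NEW"}


# The same echo request as seen on both gateways, in both directions.
CASES = {
    "NET1->NET2 on FW1": (FW1_SAVE, ping("192.168.1.10", "192.168.2.10", "eth0", "ipsec0")),
    "NET1->NET2 on FW2": (FW2_SAVE, ping("192.168.1.10", "192.168.2.10", "ipsec0", "eth0")),
    "NET2->NET1 on FW2": (FW2_SAVE, ping("192.168.2.10", "192.168.1.10", "eth0", "ipsec0")),
    "NET2->NET1 on FW1": (FW1_SAVE, ping("192.168.2.10", "192.168.1.10", "ipsec0", "eth0")),
}


def report():
    """Trace every case; a DROP with logged=False is a silent drop to fix."""
    return {name: trace(save, pkt) for name, (save, pkt) in CASES.items()}


if __name__ == "__main__":
    for name, res in report().items():
        print("%-18s %-6s logged=%-5s via %s"
              % (name, res["verdict"], res["logged"], res["rule"]))
```

Run against real gateways, replace the constructed strings with the output of `iptables-save` from each box. The case that reproduces Peter's symptom is "NET2->NET1 on FW2": the packet matches no ACCEPT rule, falls through to the FORWARD policy, and because no LOG rule precedes it nothing reaches syslog, which is exactly why only the interface counters show the drop. Putting a `-j LOG` rule as the last rule of FORWARD (as in the FW1 dump) turns that silent drop into a log line, and `tcpdump -n -i eth0 icmp` versus `tcpdump -n -i ipsec0 icmp` on FW2 shows on which side of the firewall the packets disappear.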
participants (3): Ray Leach, telest@gmx.net, Thomas Kerkau