Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] Need help with IPSEC
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sun, 11 Aug 2002 20:47:58 +0200
  • Message-id: <20020811204757.E3086@xxxxxxxxx>
* SCHULZ, Wolfgang wrote on Fri, Aug 09, 2002 at 16:34 +0200:
> Hi!
> I'm using SuSE 7.0 (with FreeS/WAN 1.4) on a firewall gateway
> and SafeNet/Softremote for a WIN2000 machine and want to
> configure a road warrior VPN. The road warriod should connect
> to a maskeraded net (10.96.1.64/26) behind the firewall. The
> problem which makes me cracy is the following: I can establish
> an SA - there is a tunnel between the WIN2000 machine and the
> firewall. I can ping from the road warrior PC to the internal
> address of the firewall (10.96.1.102) but I can't ping or make
> a connection to any other machine in that subnet.

May it be a "ordinary" routing problem? From the firewall / VPN
GW, you can ping -I 10.96.1.102 10.96.1.65 (or whatever
destination)?

> I tested with tcpdump that the ICMP packets arrive at the ipsec
> interfac on the firewall but nothing is sent out at the
> internal interface (eth0).

Do you use rp filters? Do you have ip forward enabled? Strange...
You tried it without firewalling at all, correct?

> For me this looks like a routing problem but I have no idea
> what could be configured in another way.

Is this configured on the same VPN GW / external box? Is the
setup the same but without a road warrior?

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References