Mailinglist Archive: opensuse-security (409 mails)

Need help with IPSEC
  • From: "SCHULZ, Wolfgang" <W.Schulz@xxxxxx>
  • Date: Fri, 9 Aug 2002 16:34:58 +0200
  • Message-id: <F2EE95879D66FE4DAE25DBEC5020F3A3026D44@xxxxxxxxxxxxxx>
I'm using SuSE 7.0 (with FreeS/WAN 1.4) on a firewall gateway and SafeNet/Softremote for a WIN2000 machine and want to configure a road warrior VPN. The road warrior should connect to a masqueraded net ( behind the firewall. The problem which makes me crazy is the following:
I can establish an SA - there is a tunnel between the WIN2000 machine and the firewall. I can ping from the road warrior PC to the internal address of the firewall ( but I can't ping or make a connection to any other machine in that subnet.

I tested everything with and without firewall rules - no difference. Also the firewall script should be configured correctly because I already have a tunnel established between my subnet and another subnet which is working correctly. There are also no warning messages in the log file that the firewall rejects something!

I tested with tcpdump that the ICMP packets arrive at the ipsec interface on the firewall but nothing is sent out at the internal interface (eth0).
For me this looks like a routing problem but I have no idea what could be configured in another way.

I also searched in the list archives and didn't find anything.

Who has an idea?

My configuration:

Internal net:
Firewall: intern(eth0):
External net:
PC with Softremote:

The connection in the ipsec.conf file is configured in the following way:
# sample connection
conn sample
# Left security gateway, subnet behind it, next hop toward right.
# Right security gateway, subnet behind it, next hop toward left.
