At 15:22 09.09.2002 +0200, you wrote:
For two weeks now I have been trying to successfully connect to AND ping a server in the subnet 192.168.50 or .55 (behind the 2nd Linux router). The VPN tunnel is established (afaik), but nothing else happens. I can't reach any server: no server in the DMZ and no server in the inner LAN behind the second Linux router. Also, there are no logged drops or rejects from the firewall.
Maybe the answer is simple. According to your logs and your description everything seems to work fine.
In the FreeS/WAN docs you can read that you CAN NOT ping into the VPN or to the other VPN gateway from the gateway box itself as long as you don't use connection type tunnel! So try to ping from a box in the VPN subnet to a box in the other subnet.
Yes, I know that I can't ping the firewall directly using FreeS/WAN. But a ping from the roadwarrior to a server in one of the subnets behind the firewall has to work, or not? A "net use" from the roadwarrior to the Samba service of the inner router doesn't work either. I think the problem is the SuSEfirewall. I've read that masquerading has to be switched off for the VPN client, but how can I do that? In my /etc/rc.config.d/firewall2.rc.config the parameter FW_MASQ_NETS="192.168.0.0/16" contains all subnets. How can I switch off masquerading for the connection Server <--> Roadwarrior only?

Thanks for any hints...
Michael

By the way, here is my ipsec.conf from the FreeS/WAN gateway:

config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=no

conn %default
    keyingtries=1
    type=tunnel

conn warriors
    left=0.0.0.0
    leftsubnet=
    leftnexthop=
    right=195.91.41.11
    rightsubnet=192.168.0.0/16
    rightnexthop=195.91.41.254
    rightupdown=/usr/lib/ipsec/_updown_custom
    compress=yes
    keyexchange=ike
    pfs=yes
    authby=secret
    auto=add
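An added example (not from the thread, nor from FreeS/WAN or SuSEfirewall2) of the NAT exemption Michael asks about, written as plain iptables commands plus a check of the resulting rule order. It assumes the setup in the posted ipsec.conf (KLIPS with ipsec0 on eth0, LAN 192.168.0.0/16) and that the firewall has appended a MASQUERADE rule for FW_MASQ_NETS to the nat POSTROUTING chain. The function names, the DRY_RUN variable and the two sample listings are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the thread. Exempts LAN -> VPN traffic from
# masquerading on a FreeS/WAN (KLIPS) gateway with an iptables-based firewall.
# Assumptions: LAN_NET and IPSEC_DEV as in the posted ipsec.conf; the firewall
# has already appended a MASQUERADE rule for FW_MASQ_NETS to nat/POSTROUTING.
LAN_NET="${LAN_NET:-192.168.0.0/16}"
IPSEC_DEV="${IPSEC_DEV:-ipsec0}"
DRY_RUN="${DRY_RUN:-1}"        # default: only print the iptables commands

run() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Insert the exemption at position 1 so it is evaluated BEFORE the
# MASQUERADE rule. Matching on the KLIPS output device instead of on the
# roadwarrior's address works for dynamic clients (left=0.0.0.0 / %any):
# every packet this gateway is about to encrypt leaves via ipsec0 first,
# and only the later ESP packet (source = gateway) goes out on eth0.
nat_exempt_vpn() {
    run -t nat -I POSTROUTING 1 -s "$LAN_NET" -o "$IPSEC_DEV" -j ACCEPT
}

# Verify the rule order from the output of
#   iptables -t nat -L POSTROUTING -n -v --line-numbers
# (columns: num pkts bytes target prot opt in out source destination).
# Returns 0 if an ACCEPT on the IPsec device precedes the first MASQUERADE.
check_order() {
    printf '%s\n' "$1" | awk -v dev="$IPSEC_DEV" '
        $1 !~ /^[0-9]+$/          { next }      # skip "Chain ..." and header
        $4 == "ACCEPT" && $8 == dev { if (!masq) ok = 1 }
        $4 == "MASQUERADE"          { masq = 1 }
        END { exit ok ? 0 : 1 }'
}

# Constructed sample listings (what the command above would print).
GOOD_LISTING='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      ipsec0  192.168.0.0/16       0.0.0.0/0
2        0     0 MASQUERADE all  --  *      eth0    192.168.0.0/16       0.0.0.0/0'

# Here MASQUERADE is not limited to eth0 and comes first: LAN packets headed
# into the tunnel get rewritten to the gateway address and no longer match
# the IPsec selector for 192.168.0.0/16, so they never reach the roadwarrior.
BAD_LISTING='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE all  --  *      *       192.168.0.0/16       0.0.0.0/0
2        0     0 ACCEPT     all  --  *      ipsec0  192.168.0.0/16       0.0.0.0/0'

if check_order "$GOOD_LISTING"; then
    echo "good listing: exemption precedes MASQUERADE"
fi
if ! check_order "$BAD_LISTING"; then
    echo "bad listing: LAN->tunnel packets would be masqueraded; fix:"
    nat_exempt_vpn
fi
```

Run nat_exempt_vpn once after SuSEfirewall2 has finished loading its rules (a custom-rules hook, if the installed version offers one, is the usual place; which hook that is goes beyond what this thread shows). The exemption only skips NAT, filter rules still apply, and keeping it tied to -o ipsec0 leaves ordinary Internet traffic masqueraded. Then check with iptables -t nat -L POSTROUTING -n -v --line-numbers that the ACCEPT sits above the MASQUERADE. One caveat: if that listing already shows the MASQUERADE restricted to eth0 in the "out" column, ipsec0 output is not masqueraded at all and masquerading is not what breaks the tunnel.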