On Saturday 18 October 2003 12:28, Markus Feilner wrote:
On Friday, 17 October 2003 12:18, Frank Stuehmer wrote:
Hi Markus,
I stopped all firewall rules, and checked the ipsec configuration over and over, but I can't find a solution. Can anyone help me?

Do you have lines like this in /etc/ipsec.conf: leftupdown=/usr/lib/ipsec/_updown.x509 ? In _updown.x509, routing and firewalling for the ipsec connection will be set. With Suse-Firewall this configuration works fine for me.
Frank Stuehmer
Yes, I do. But that's not enough. And I tried with or without the gw entry in line 55 - as described on https://nso.freeswan.nl/archives/users/2003-September/msg00227.html this proved to be necessary for the routing.

Now ping left-net-host -> right-net-host works, but ping right-net-host -> left-net-host doesn't. Packets are dropped on left-net-VPN-Server's interface ipsec0. But why? It answers correctly on a connection initiated from left-side-host, but cannot ping to the other side... ????

So your packets go from right-net-host over right-net-gw through the tunnel to left-net-gw, and there they are dropped? Are they dropped by a firewall rule?

Andreas

No, definitely not. This happens both with SuSEFirewall activated and without. [I have entered ports 50, 51 and 500 (on both systems) in /etc/sysconfig/SuSEfirewall2.] Behaviour is the same, with or without firewall.
On Monday, 20 October 2003 07:57, Andreas Baetz wrote:

The one thing I don't understand is: why does it work one-way? Why can I see and access the Samba server here from left hosts, but why can't I see the left hosts from here?

It can't be:
- Network config
- Authorization - because the connection works.
- Routing - because it works one-way and back.
- Firewall - because it shows the same with or without.

Can it be:
a) DSL - I have a dial-in DSL line with ppp0 as interface with non-local IP.
b) Routing, even though it seems impossible?

What's the parameter interfaces=%defaultroute good for? Should my ppp0 interface be listed there?

Thanks a lot!!!

--
Kind regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS
Erlangerstr. 2
93059 Regensburg
phone: +49 941 70 65 23 - mobile: +49 170 302 709 2
web: http://feilner-it.net
mail: mfeilner@feilner-it.net