Mailinglist Archive: opensuse-security (145 mails)

Problem with ipsec routing
  • From: "ONAY, Gabriel" <G.Onay@xxxxxx>
  • Date: Wed, 1 Dec 2004 10:30:17 +0100
  • Message-id: <F2EE95879D66FE4DAE25DBEC5020F3A340C67C@xxxxxxxxxxxxxx>
Dear all

I have a VPN connection that only works in one direction.


Configuration:

GW-Left:
Suse 9.2 (kernel 2.6.8-24.3-default)
Openswan 2.2.0
Susefirewall 3.2

GW-Right:
Suse 7.3 (kernel 2.4-18)
freeswan 1.98b
Susefirewall

PC-Left/Right
Windows XP SP1



| PC-Left |------------| GW-Left |--------------<Router>-------------| GW-Right |------------| PC-Right |



ISAKMP SA is established, and key exchange also seems to work.
A ping from PC-Right to PC-Left works fine, but a ping from PC-Left to
PC-Right does not work.


ipsec.conf

config setup
        plutodebug=none
        # Certificate Revocation List handling
        #crlcheckinterval=600
        #strictcrlpolicy=yes
        # Change rp_filter setting, default = 0 (switch off)
        rp_filter=%unchanged
        # Switch on NAT-Traversal (if patch is installed)
        nat_traversal=yes
        interfaces=%defaultroute
        #forwardcontrol=yes

# default settings for connections
conn %default
        # Default: %forever (try forever)
        #keyingtries=3
        # Sig keys (default: %dnsondemand)
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        # Lifetimes, defaults are 1h/8hrs
        #ikelifetime=20m
        #keylife=1h
        #rekeymargin=8m
        left=%defaultroute
        compress=no

# Add connections here

# sample VPN connection
conn kbs-test
        type=tunnel
        auth=esp
        # Left security gateway, subnet behind it, next hop toward right.
        left=83.0.0.51
        leftsubnet=10.0.0.64/26
        leftnexthop=83.0.0.49
        # Right security gateway, subnet behind it, next hop toward left.
        right=83.0.0.52
        rightsubnet=10.0.0.192/26
        rightnexthop=83.0.0.49
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=start
        authby=secret


#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


Any ideas about that?
Greetings,

Gabriel
