[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipsec problem

On Tue, 2004-10-19 at 10:15, Giuseppe Sacco wrote:
> Hi,
> I am facing a problem with my first installation of IPSec, and I need some
> hint :-)
> 
> I have one firewall that also does ipsec. It is a Sarge machine, with
> openswan, that protects a LAN with addresses 192.168.10.0/24.
> 

The openswan list is probably the best place to ask this kind of
question, since it's dedicated to ipsec and openswan questions. A bunch
of folks on that list seem to be pretty familiar with debian as well. I
may be able to offer a little advice, but those guys are the real gurus.

> I installed a client machine, still Sarge with same software, that should
> be able to connect to the first machine. Both machines have a public IP.
> 
> When the connection starts, it seems that everithing is okay, but then,
> when I  connect from the client to the one server inside the LAN, I see
> that the client machine is sending all packets not encripted directly to
> the internet provider. Since they are using private IPs the provider drops
> the packets.
> 
> client config is
> ---------
> config setup
>         klipsdebug=all
>         plutodebug=none
>         interfaces="ipsec0=ppp0 ipsec1=eth1"

are you running KLIPS, or native IPsec? If you are not running KLIPS,
you dont need (and cannot use) this line. What kernels are you using?
What is the output of ipsec verify & ipsec auto --status on both hosts?
You say that the client is having problems communicating with one host
on the remote LAN. Can it communicate with any others? Can the gateway
ping the client?

-davidc
Reply to: