[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] IP Tunnel in only one direction possible

To: SuSE Security <suse-security@xxxxxxxx>
Subject: Re: [suse-security] IP Tunnel in only one direction possible
From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Date: 23 Apr 2003 13:10:23 +0200
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Wed, 23 Apr 2003 13:09:39 +0200
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <3EA672B5.9308F1A3@xxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
Organization: Knowledge Factory
References: <25230.1051092468@xxxxxxxxxxxxx> <3EA672B5.9308F1A3@xxxxxxxxxxxxxxx>

Also, make sure forwarding is turned on for that interface.

On Wed, 2003-04-23 at 13:02, Thomas Kerkau wrote:
> Hi Peter,
> 
> 
> > |NET2 pings NET1: GW2(eth0) logs an icmp request ?
> > on eth0:
> >   9 7.631138    192.168.101.239       192.168.100.205       ICMP     Echo
> > (ping) request
> 
> the paket is entering GW2.
> 
> > 
> > 192.168.101.0/24 ist net2 internal
> > 192.168.100.0/24 ist net1 internal
> > 
> > on ipsec0:
> >       3  1.694921    217.235.199.35        192.168.100.205       ICMP
> > Echo (ping) request
> 
> the paket is leaving ipsec0
> 
> > 
> > on eth1:
> > nothing--
> > 
> > on ppp0
> > nothing--
> 
> but not forwarded to ppp0/eth1. Just checked this on a 7.3, you will see
> ESP-pakets on both. hopfully this was not changed. Is ipsec0 bound to
> eth1/ppp0 (interfaces directive in ipsec.conf)? 
> 
> > Yes I forgot to paste int the reply. :)
> > but basically ipsec0 looks differnent on both machines
> > 
> > GW2:|> 10:21:04.305584 192.168.101.239 > 192.168.100.1: icmp: echo
> > GW1:|> 08:51:05.057368 unknown ip 0
> 
> Are you shure that these entries are correlated? Do you see ESP-pakets
> on the external interface of GW1?
> 
> My feeling at this point is that GW2 doesn't send any paket to GW1.
> Check if "ipsec eroute" and "ipsec auto --status" shows the correct
> connections, and check "route".
> 
> Greetings, Thomas
> 
> 
> --
> www.ArcStyler.com - the Architectural IDE for MDA:J2EE/.NET/EAI
>   -> CyberOne Award
>   -> Winner Crossroads A-List Award USA
>   -> IBM Solution Excellence Award winner for Hot Java Solution
>   -> European Information Society Technologies Prize Winner
>   -> Made with ArcStyler: http://www.io-software.com/customers
>   -> OMG Press, John Wiley 2002 www.ConvergentArchitecture.com
> 
> ----- < iO > ---------------------------------------------------------
> Interactive Objects Software GmbH
> mailto:Thomas.Kerkau@xxxxxxxxxxxxxxx
> http://www.io-software.com
> Basler Strasse 65, D-79100 Freiburg, Germany
> Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
> ----------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Re: [suse-security] IP Tunnel in only one direction possible
  - From: telest
- Re: [suse-security] IP Tunnel in only one direction possible
  - From: Thomas Kerkau

Prev by Date: Re: [suse-security] IP Tunnel in only one direction possible
Next by Date: Re: [suse-security] pppd sporadically uses ppp1 instead of ppp0
Previous by thread: Re: [suse-security] IP Tunnel in only one direction possible
Next by thread: Re: [suse-security] IP Tunnel in only one direction possible
Index(es):
- Date
- Thread