[suse-security] ipsec freeswan - connection established successfully, but packets are dropped ...
I am using SuSE 8.2 on two systems, together with freeswan ipsec.
Both systems run:
I have configured freeswan successfully with a Server-and-roadwarrior
setup using Certs. By successfully I mean: in /var/log/messages I find
a line like
Oct 16 21:54:26 Server ipsec__plutorun: 004 "VPN-ERMER" #2:
STATE_QUICK_I2: sent QI2, IPsec SA established
or similar after starting ipsec on both systems and there are definitely
no errors on either server.
On the server side we have the subnet x.x.89.0 to be accessible, on the
roadwarrior side (which is connected via dsl) we have the x.x.0.0
When I try to ping from one subnet to the other (of course from a
different member of the subnet, not the machine running ipsec), the
packets are routed correctly to the ipsec device, but there they
Server:/ # tcpdump -i ipsec0
tcpdump: listening on ipsec0
22:25:17.996878 220.127.116.11 > x.x.89.0: icmp: echo request (DF)
22:25:18.996902 18.104.22.168 > x.x.89.0: icmp: echo request (DF)
22:25:19.996909 22.214.171.124 > x.x.89.0: icmp: echo request (DF)
no answer is given to the ping and on the other side of the tunnel,
nothing arrives - this happens to every packet that is sent to the
tunnel, no matter which port, protocol and destination.
As far as I can see, the packets are dropped before they are given to
Server:/ # ifconfig ipsec0
ipsec0 Link encap:IPIP Tunnel HWaddr
inet addr:126.96.36.199 Mask:255.255.255.255
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:2002 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
I stopped all firewall rules, and checked the ipsec configuration over
and over, but I can't find a solution.
Can anyone help me?
If you need, I can post both my ipsec.conf files and barfs, but I didn't
want to cause big traffic.
Perhaps someone already knows the solution....
Kind regards
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx