[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] ipsec freeswan - connection established successfully, but packets are dropped ...



Am Freitag, 17. Oktober 2003 12:18 schrieb Frank Stuehmer:
> Hi Markus,
>
> > I stopped all Firewall rules, and checked the ipsec configuration
> > over and over, but i can't find a solution.
> > Can anyone help me?
>
> do you have in /etc/ipsec.conf lines like this:
> leftupdown=/usr/lib/ipsec/_updown.x509 ?
> In _updown.x509 routing and firewalling for ipsec connection will be
> set. With Suse-Firewall this configuration works fine for me.
>
> Frank Stuehmer

Yes, I do. But that's not enough.
And I tried with or without  the gw entry in line 55 - as described on 
https://nso.freeswan.nl/archives/users/2003-September/msg00227.html
this proved to be necessary for the routing.
Now ping left-net-host -> right-net-host works, but ping right-net-host 
-> left-net-host doesn't.
Packets are dropped on left-net-VPN-Server's interface ipsec0.
but why? It answers correctly on a connection initiated from 
left-side-host, but can not ping to the other side...
????

>
> WS Medienservice Chemnitz GmbH
> Heinrich-Lorenz-Straße 2-4 * 09120 Chemnitz
> Tel. 0371-5289-275 * Fax 0371-5289-115
> f.stuehmer@xxxxxxxxxxx
>
> ----- Original Message -----
> From: "Markus Feilner" <lists@xxxxxxxxxxxxxx>
> To: "suse-security" <suse-security@xxxxxxxx>
> Sent: Thursday, October 16, 2003 10:45 PM
> Subject: [suse-security] ipsec freeswan - connection established
> successfully, but packets are dropped ...
>
> > Hello List,
> > I am using SuSE 8.2 on two systems, together with freeswan ipsec.
> > Both systems run:
>
> .....
>
> .....

-- 
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23  - mobil: +49 170 302 709 2 
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here