> I am trying to get a working version of an ipsec tunnel between two
> Dachstein CD 1.0.2 Gateways (Test1 and Test2) and their subnets. I have
> created a test system as suggested in the FreeSWAN documentation (see
> diagram below). A Security Association appears to be established between
> Test1 and Test2, however, no data will pass through the tunnel (i.e. the
> Windows browser cannot connect to the BOA httpd).
>
> Included below are the contents of "/etc/ipsec.conf" (Test1 and Test2 are
> identical except for the values of eth0 and eth1). I have also included
> the outputs of "ipsec look", "ipsec auto --status", "netstat -nr",
> "ifconfig", and "ipchains -L -n" for each system after the SA was established.
>
> Can anyone help me find my problem?

It looks like your tunnels are up. I've seen this problem when the protocol 50 traffic is blocked...the tunnels are keyed and brought up using UDP, but no VPN data (protocol 50, or ESP) gets through, so it looks like things are disconnected.

Try your ipchains commands with the -v switch, so you can see packet and byte counts, as well as additional constraints (like interface flags) that may be defined. Look at the packet count data for your protocol 50 rules, as well as any non-zero packet counts for any DENY or REJECT rules.

You can frequently make more sense of the packet counts by zeroing them (using ipchains --zero), running a test, and then examining the packet counts...less noise to sift through...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
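
The counter check described in the reply above, as an added example that is not part of the original message: a small filter for `ipchains -L -n -v` output that reports protocol 50 rules with their packet counts and any DENY or REJECT rule that matched packets. The function names, the output tags and the sample listing are constructed for illustration, and the script assumes each rule line of the verbose listing begins with the columns pkts, bytes, target, prot.

```shell
#!/bin/sh
# Added example. Intended use on the gateway, following the reply:
#   ipchains --zero ; <run the browser test> ; ipchains -L -n -v | analyze_ipchains

# Assumption: verbose rule lines start with "pkts bytes target prot ...".
analyze_ipchains() {
    awk '
    /^Chain /    { chain = $2; next }   # remember which chain we are in
    $1 == "pkts" { next }               # skip the column header
    NF < 4       { next }               # skip blank or short lines
    {
        pkts = $1; target = $3; prot = $4
        # Protocol 50 may be listed by number or by name.
        if (prot == "50" || prot == "esp") {
            seen50 = 1
            if (pkts == "0") print "ESP_IDLE " chain " " target
            else             print "ESP_HIT " chain " " target " pkts=" pkts
        }
        # Any DENY/REJECT rule with a non-zero count dropped test traffic.
        if ((target == "DENY" || target == "REJECT") && pkts != "0")
            print "DROPPED " chain " " target " prot=" prot " pkts=" pkts
    }
    END { if (!seen50) print "NO_ESP_RULE" }
    '
}

# Constructed sample listing (not output from the poster's gateways).
sample_listing() {
    cat <<'EOF'
Chain input (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
   12  1824 ACCEPT     udp  ------ 0xFF 0x00  eth0                           0.0.0.0/0            0.0.0.0/0             500 ->   500
    0     0 ACCEPT     50   ------ 0xFF 0x00  eth0                           0.0.0.0/0            0.0.0.0/0             n/a
   37  4144 DENY       all  ----l- 0xFF 0x00  eth0                           0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 0 packets, 0 bytes):
EOF
}

sample_listing | analyze_ipchains
```

On the constructed sample the UDP 500 rule has counted the keying traffic while the protocol 50 rule is still at zero and a DENY rule has matched packets, which is the pattern the reply describes for a tunnel that is keyed but passes no data.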