First off, please describe your testing in depth.  FreeS/WAN gateways do not
use the tunnel by default so pinging through the tunnel from one of the
gateways won't work.  If you wish to test the tunnel you need to ping through
the tunnel using appropriately addressed hosts on either side of the gateways.

Secondly, if you are interested in a fairly decent Web-GUI for FreeS/WAN,
there is a pretty good Webmin module available.  Install Webmin if you haven't
already (www.webmin.com) and then install the FreeS/WAN module.
 

On Mon, 16 Jun 2003 18:00:46 -0300
"Federico Voges" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm trying to setup a VPN between 2 Linux servers using FreeS/WAN
> (network to network).
> 
> Right now, everything seems to be ok (pluto says the tunnel is up, routes
> look ok, etc) except that not a single packet makes it through the
> tunnel (ie. no ping).
> 
> First suspect was the firewall script (shorewall with all the settings
> for ipsec), so I just dropped all rules on both servers and changed all
> policies to ACCEPT (also checked for /proc/sys/net/ipv4/ip_forward =
> 1).
> 
> Here's my ipsec.conf (keys truncated for easy reading):
> #### START ####
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=all
>     plutoload=%search
>     plutostart=%search
> 
> # defaults for subsequent connection descriptions
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>     authby=rsasig
> 
> 
> conn bue-nqn
>     left=hoerbiger.ipdinamica.com       # Local vitals
>     leftsubnet=192.168.10.0/24          #
>     [EMAIL PROTECTED]        #
>     leftrsasigkey=0sAQNMdaf0YJ00...
>     leftnexthop=%defaultroute           # correct in many situations
>     right=hoerbiger-nqn.ipdinamica.com  # Remote vitals
>     rightsubnet=192.168.11.0/24         #
>     [EMAIL PROTECTED]       #
>     rightrsasigkey=0sAQN2C0tZXXY...
>     rightnexthop=%defaultroute          # correct in many situations
>     auto=start                          # authorizes but doesn't start this
>                                         # connection at startup
> 
> #### END ####
> 
> Notes, both ends are connected to internet with ADSL using dynamic IP,
> that's why I used hostnames instead of IPs. That shouldn't be a problem
> (at least until one of the ends gets a new IP).
> 
> I have the logs from both servers as well as some info from route,
> ipsec, etc. If you can help, just tell me what you need and I'll send
> it.
> 
> TIA!
> 
> Federico Voges
> Socio gerente
> 
> Intrasoft
> Malabia 2137 14 A
> (1425) Buenos Aires
> Argentina
> 
> Te/Fax: 54-11-4833-5182
> e-mail: [EMAIL PROTECTED]
> Web: http://www.intrasoft.com.ar
> 
> _______________________________________________
> Linux-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe/Suspend/Etc ->
> http://www.linux-sxs.org/mailman/listinfo/linux-users


-- 
Matthew Carpenter 
[EMAIL PROTECTED]                          http://www.e-i-s.cc/

Enterprise Information Systems
*Network Consulting, Integration & Support
*Web Development and E-Business
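
The reply's point that only traffic between appropriately addressed hosts on either side goes through the tunnel can be checked against the quoted ipsec.conf. The following is an added example, not part of the original thread; the minimal parser, the function names and the 203.0.113.10 stand-in for a gateway's public address are assumptions.

```python
import ipaddress

# Constructed sample: the conn section from the quoted message, reduced to
# the fields this check needs (keys and ids omitted).
SAMPLE_CONF = """\
conn %default
    keyingtries=0
    authby=rsasig

conn bue-nqn
    left=hoerbiger.ipdinamica.com       # Local vitals
    leftsubnet=192.168.10.0/24          #
    right=hoerbiger-nqn.ipdinamica.com  # Remote vitals
    rightsubnet=192.168.11.0/24         #
    auto=start
"""

def parse_conn(text, name):
    """Return the key=value settings of one 'conn <name>' section."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header, e.g. "conn bue-nqn"
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
        elif current == name and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def uses_tunnel(conn, src, dst):
    """True if a src->dst packet matches the subnet-to-subnet selectors."""
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in left and d in right) or (s in right and d in left)

if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONF, "bue-nqn")
    # 203.0.113.10 is a constructed stand-in for a gateway's public ADSL address.
    tests = [("192.168.10.5", "192.168.11.7"), ("203.0.113.10", "192.168.11.7")]
    for src, dst in tests:
        verdict = "tunnel" if uses_tunnel(conn, src, dst) else "not tunneled"
        print(f"{src} -> {dst}: {verdict}")
```

A ping sourced from a gateway's public address falls outside both subnets, so it reports "not tunneled" even while pluto shows the connection as up.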