> Hello, I tried to connect 2 networks, both running DCD and IPSEC 1.91. One
> network is 192.168.3.x and the other is 192.168.9.x. After some efforts, I
> made both IPSEC start up without error.
>
> Now pinging from 192.168.9 to 192.168.3 does not work. When I have a look
at
> /var/log/auth.log,
MLU
-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 2:35 PM
To: M Lu; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
> then I copy the part after line Modulus: 0x5652...
>
> and put it in line leftrsasigkey (s
> Thank you very Charles, I will modify the RSA key in the config when I
> get home.
>
> In the network.conf I have
>
> EXTERN_PROTO0="50 0/0"
> EXTERN_PROTO1="51 0/0"
>
> and
>
> EXTERN_UDP_PORTS="0/0_500"
>
> on both sides
>
> so I think I do not have to set firewall=yes, right?
You are correct
Thank you Charles.
After making the RSA right, I restarted the ipsec service on both
side and then I try to ping a machine on 192.168.1.x from 192.168.9.x subnet but the
ping times out and there is nothing in auth.log or syslog suggesting a reason.
Could you please suggest what I should look a
On Tuesday 23 April 2002 14:57, MLU wrote:
> Thank you Charles.
>
> After making the RSA right, I restarted the ipsec service on both
> side and then I try to ping a machine on 192.168.1.x from 192.168.9.x
> subnet but the ping times out and there is nothing in auth.log or
> syslog suggesting a r
> After making the RSA right, I restarted the ipsec service on both
> side and then I try to ping a machine on 192.168.1.x from 192.168.9.x
subnet but the ping times out and there is nothing in auth.log or syslog
suggesting a reason.
>
> Could you please suggest what I should look at now? I am inc
Hi Charles and Lynn.
Thank you for your suggestions. Things are not changed much after
I did the following as you advised:
- As per Lynn's remark, I now use only one /etc/ipsec.conf on
both sides. The FreeSWAN doc said that you may need to change
the line "interfaces=", but they are identi
> Thank you for your suggestions. Things are not changed much after
> I did the following as you advised:
>
> - As per Lynn's remark, I now use only one /etc/ipsec.conf on
> both sides. The FreeSWAN doc said that you may need to change
> the line "interfaces=", but they are identical in this c
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP blocks the
IPSEC, could I connect to my office's VPN server? I still can do that before this
experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged into
/var/log/
> I strongly hope that's my mistake somewhere and not the ISP's. If the ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can do
that before this experiment (removing ipsec module...).
>
> The bad (and probably good -:)) news is that I do not see anything logged
into /var/lo
Hi Charles & MLu,
I'm having similar problems, and have found this thread helpful. I've
been wondering, do we have to declare the routing on the gateways, or
shouldn't ipsec handle this? Also, what if the ipsec router is not the
default gateway for a machine that you are trying to ping from
el
I should probably amend that last statement - my current test setup is:
192.168.2.X - ipsec gateway {default} - 2Wire firewall - SSH Sentinel
And I am experiencing the same problems that MLu mentioned. If I try to
add a route on the subnet machines (ok, sigh windows), I get error 87.
Do I eve
: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
Hi Charles & MLu,
I'm having similar problems, and have found this thread helpful. I've
been wondering, do we have to declare the routing on the gateways, or
shouldn't ipsec handle this? Also
From: "MLU " <[EMAIL PROTECTED]>
> I strongly hope that's my mistake somewhere and not the ISP's. If the ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can do
that before this experiment (removing ipsec module...).
>
> The bad (and probably good -:)) news is that I do not
PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
From: "MLU " <[EMAIL PROTECTED]>
> I strongly hope that's my mistake somewhere and not the ISP's. If the
ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can
do
that before this
> Below are my routes on both left and right sides. Charles, if you can
> confirm them correct, I think there must be some rule on my left-side
> denying packets destined for 192.168.1 even reach left-side eth0.
>
> I accidentally found this in one old log:
>
> Apr 23 19:14:06 router kernel: Packe
Hi Charles & MLu
> Look at your local routing setup (ip route or netstat -nr). Make sure there
> is a route directing packets destined for the far end of the VPN to the
> ipsec device.
Ok, so what you are saying is that on the ipsec router, I should
associate the external private subnet with d
> > Look at your local routing setup (ip route or netstat -nr). Make sure
there
> > is a route directing packets destined for the far end of the VPN to the
> > ipsec device.
>
> Ok, so what you are saying is that on the ipsec router, I should
> associate the external private subnet with device ip
Hi Charles,
Thanks, leftfirewall=yes lets me ping a machine on the other subnet
now. I think I added a few too many extra ipchains rules, but now that
it is working I can back off on them.
- Jon
Charles Steinkuehler wrote:
>
> > > Look at your local routing setup (ip route or n
: Thursday, April 25, 2002 8:47 AM
To: MLU
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
The error is probably due to trying to ping without IPSec running, but
with
some ipchains rules left over (like the forward rule that allows traffic
between your two private networks
> I think you are probably right. I do have forward rules to allow traffic
> between both my private 192.168.9 and 192.168.3. And those rules are
> added by myself in /etc/ipfilter.conf (based on what you did for DMZ,
> your DMZ is one-way, mine is 2-way). I will try to disable it asap, but
> my q
192.168.9 and .3 are my private, so adding the rule as you suggested is for them only,
right.
For accessing 192.168.1 (the remote ipsec private), do I have to do the similar thing,
i.e.:
$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
> 192.168.9 and .3 are my private, so adding the rule as you suggested is
for them only, right.
>
> For accessing 192.168.1 (the remote ipsec private), do I have to do the
similar thing, i.e.:
>
> $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
Oops! If the 192.168.9 and .3 net
PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Charles
Steinkuehler
Sent: Friday, April 26, 2002 8:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
> 192.168.9 and .3 are my private, so adding the rule as you suggested
is
for them only, ri
On Saturday 27 April 2002 02:11, MLU wrote:
> Thank you very very much, Charles, I could ping the other private
> machines and I am asking them to ping me and use a couple of services
> on my private server for thorough test. I hope it will be fine.
>
> The next step for me is to setup for the Roa
> 1. Do you know of any free client for Windows which works with
> Free/SWAN?
The newer windows systems have IPSec built-in, although configuring them to
talk to a non-microsoft IPSec implementation can be quite a challange. Most
of the reports I see on the FreeS/WAN mailing list seem to indicat
On Sat, 27 Apr 2002 14:12:14 -0500
"Charles Steinkuehler" <[EMAIL PROTECTED]> wrote:
> > 1. Do you know of any free client for Windows which works with
> > Free/SWAN?
>
> The newer windows systems have IPSec built-in, although configuring them
> to talk to a non-microsoft IPSec implementation ca
] VPN error, please help
On Sat, 27 Apr 2002 14:12:14 -0500
"Charles Steinkuehler" <[EMAIL PROTECTED]> wrote:
> > 1. Do you know of any free client for Windows which works with
> > Free/SWAN?
>
> The newer windows systems have IPSec built-in, although configuring
that
package < 10 Minutes..
Upnet Joe
- Original Message -
From: "Chad Carr" <[EMAIL PROTECTED]>
To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, April 27, 2002 10:31 PM
Subject: Re: [Leaf-
wever with that
package < 10 Minutes..
Upnet Joe
- Original Message -
From: "Chad Carr" <[EMAIL PROTECTED]>
To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, April 27, 2002 10:31 PM
Subjec
On Sun, 28 Apr 2002 09:41:41 -0400
"Upali Weerasinghe" <[EMAIL PROTECTED]> wrote:
> Here is another one http://vpn.ebootis.de/
>
> I downloaded some stuff from above, and right now its working with
> Windows-XP no problem
> if you guys need this package in zip format I'll put that on my
> webser
Sunday, April 28, 2002 11:19 PM
Subject: Re: [Leaf-user] VPN error, please help
> On Sun, 28 Apr 2002 09:41:41 -0400
> "Upali Weerasinghe" <[EMAIL PROTECTED]> wrote:
>
> > Here is another one http://vpn.ebootis.de/
> >
> > I downloaded some stuff fro
32 matches
Mail list logo
