Found some switches for logging with the iked. There it says 0/03/19 18:37:21 ## : IKE Daemon, ver 2.1.6 10/03/19 18:37:21 ## : Copyright 2009 Shrew Soft Inc. 10/03/19 18:37:21 ## : This product linked OpenSSL 0.9.8g 19 Oct 2007 10/03/19 18:37:21 K! : recv X_SPDDUMP message failure ( errno = 2 ) 10/03/19 18:37:48 !! : unable to locate inbound policy for init phase2
The first error comes up when I start the daemon, the second when a connection is negotiated. Is this just usual stuff or of some meaning? Anyhow, I guess its the creation and the setup of the tap device that is causing my trouble. Is there a way to debug that too? Thanks, Clemens Stefan Bauer wrote: > Am 19.03.2010 10:53, Clemens Perz schrieb: >> Hi all! >> >> I am suffering from a lack of genius here :)) >> >> A debian lenny with racoon up and running serves as vpn backend. >> Originally, I created a working configuration using the Shrewsoft client >> for Windows, used that for a while and it still works perfect. >> >> Now I want the same thing on Ubuntu Karmic, i.e. 9.10. First I just >> installed the client, imported my existing configuration and connected >> to the server. Everything fine, it connects, gets the config, creates >> the tap0, sets the routes. But when I ping one of the private hosts >> inside the vpn no packages find their way back and ping just says nothing. >> >> When I trace the packages with tcpdump I see that all targets return the >> right stuff, so the ping packages are routed to the target, processed >> and answered. The answer package has the ip of the pinged host as >> source, the tap0 ip as target and should do fine. That happens with all >> protocols - I see the routing working, but the requesting application >> gets nothing. > > Do you see at the ubuntu client side any icmp-answers incoming at > network layer? > > Does it work to ping from the vpn-server to the ubuntu client? > > Could you also please try if setting 1 or 0 to > /proc/sys/net/ipv6/bindv6only does change anything? > > Stefan > _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
