In syslog there are records:
Jul 13 19:29:15 test-ipsec kernel: [111994.243602] martian source 10.10.0.1 from 192.168.1.1, on dev eth0
until I try to ping 192.168.1.1 from Vuurmuur FW.
On 13 July 2011 at 16:01, user netspy -------------------- <[email protected]> wrote:
> Hi
>
> I have trouble with an ipsec tunnel (not pass-through) and vuurmuur.
>
> 10.10.0.1 <-- vuurmuur fw --> 212.98.16*.* < --- internet ---> 80.249.8*.*
> <-- adsl router --> 192.168.1.1
>
> <----------------------------------------------->
> ipsec tunnel
>
> Without Vuurmuur all is OK
>
> setkey -f /etc/setkey.conf && racoon -v -d -f /etc/racoon/racoon.conf
>
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.10.0.1
>
> Test:
> From Vuurmuur FW: ping 192.168.1.1 - OK
> From ADSL router: ping 10.10.0.1 - OK
>
> But after installing and configuring Vuurmuur, ping over the tunnel doesn't work
>
> interfaces: inet_iface eth0 212.98.16*.*
> lan_iface eth1 10.10.0.1
>
> services: ipsec -
> UDP:500
> UDP:4500
> AH:
> ESP:
>
> zones: inet.internet (0.0.0.0/0.0.0.0), interface: inet_iface
> main.lan (10.10.0.0/24), interface: lan_iface
> branche.lan (192.168.1.0/24) interface: lan_iface
>
> rules:
> any | internet to firewall (any)
> any | firewall (any) to internet
>
> any | firewall (any) to branche.lan
> any | branche.lan to firewall (any)
> any | main.lan to branche.lan
> any | branche.lan to main.lan
>
> Test:
> From Vuurmuur FW: ping 192.168.1.1 - nothing
> From ADSL router: ping 10.10.0.1 - nothing
>
> in log racoon:
> 2011-07-11 17:40:53: INFO: IPsec-SA established: ESP/Tunnel
> 80.249.8*.*[0]->212.98.16*.*[0] spi=67667205(0x4088505)
> 2011-07-11 17:40:59: INFO: IPsec-SA established: ESP/Tunnel
> 212.98.16*.*[500]->80.249.8*.*[500] spi=128975639(0x7b00317)
>
> Tunnel is UP but ping doesn't work
>
> in Log Vuurmuur:
> Jul 11 17:23:51: ACCEPT ipsec 80.249.8*.* -> firewall(inet_iface) (in: eth0
> 80.249.8*.*(00:1e:14:01:*:*):500 -> 212.98.16*.*(00:0c:29:b2:*:*):500 UDP
> len:108 ttl:61)
> Jul 11 17:23:56: ACCEPT ping firewall(lan_iface) -> 192.168.1.1 (out: eth0
> 10.10.0.1 -> 192.168.1.1 ICMP type 8 code 0 len:84 ttl:64)
>
> What may be the problem?
>
_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users