Hello, all.

I've upgraded to VC2.2 so I could use the VPN features to their fullest. But my tunnel, after it's successfully established, doesn't transfer any data. I can see it's connected on both ends (Vyatta and a Linksys), by means of:

    IPSec Process Running PID: 4855 1 Active IPsec Tunnels

and

    000 #2: "peer-1.2.3.4-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 6731s; newest IPSEC; eroute owner

on the Vyatta side, and

    [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected

on my router.

Pinging the router's internal IP from Vyatta gets me destination unreachable. So I don't get traffic flow. As Vyatta uses Openswan, I went to http://wiki.openswan.org/index.php/Openswan/DebuggingTCPDump and saw that I have a situation D problem. It says that's because of misconfiguration (I don't think so, as the tunnel is OK by the debug output) or firewall. I thought that it could be a firewall issue, so I asked my ISP to make my machine wide open to the internet so I could avoid that kind of problem, and so it is. And still no good.

It also says to capture packets from my ipsec0 iface, but I couldn't find any. Capturing data that was transiting in my active ipsec interface eth0 while I was pinging the 'right' router internal IP, I saw ARP requests that weren't being fulfilled:

    19:12:30.275395 arp who-has 192.168.0.101 tell 5.6.7.8

(5.6.7.8 being the eth0 public IP)

Issuing a netstat -nr told me that the iface to 192.168.0.0/24 is eth0 (I thought that should be ipsec0?):

    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    5.6.7.8         0.0.0.0         255.255.255.240 U         0 0          0 eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1

And an ifconfig didn't get me any ipsec iface, only eth0, eth1 and lo.

So, my question is: did anyone get VPN working in Vyatta 2.2? Does it show an ipsec iface on Linux (outside xorpsh)? If not, how can I proceed with my debugging, where should I look?

Thanks in advance. Any pointer is very welcome.

Leo
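
The route lookup behind two observations in the message above (the unanswered ARP requests and the eth0 route to 192.168.0.0/24), as an added example that is not part of the original post: it parses the `netstat -nr` output quoted in the message and reports how the kernel would reach a given destination. The function names are made up for this illustration.

```python
import ipaddress

# Routing table as quoted in the post (`netstat -nr`), columns re-spaced.
NETSTAT_NR = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
5.6.7.8         0.0.0.0         255.255.255.240 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
"""


def parse_routes(text):
    """Turn `netstat -nr` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner and column header; data rows have 8 fields.
        if len(fields) < 8 or fields[0] == "Destination":
            continue
        # strict=False: the post shows a host address (5.6.7.8) with a /28 mask.
        net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        routes.append({"net": net, "gateway": fields[1],
                       "flags": fields[3], "iface": fields[7]})
    return routes


def lookup(routes, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def diagnose(routes, dest):
    """Describe how a packet to `dest` leaves the box."""
    route = lookup(routes, dest)
    if route is None:
        return "no-route"
    if "G" not in route["flags"]:
        # No gateway flag: the destination is treated as directly attached,
        # so on Ethernet the kernel resolves it with ARP on that interface.
        return f"on-link via {route['iface']}: kernel ARPs for {dest} directly"
    return f"via gateway {route['gateway']} on {route['iface']}"


if __name__ == "__main__":
    print(diagnose(parse_routes(NETSTAT_NR), "192.168.0.101"))
```

For the pinged address this reports an on-link route on eth0, which is consistent with the `arp who-has 192.168.0.101 tell 5.6.7.8` line in the capture.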