Re: [Users] Config Problem
From: Sam Sgro <sam(at)freeswan.org>
Date: Tue Sep 30 2003 - 04:38:09 EDT

On Monday 29 September 2003 19:02, Armin Theis wrote:
Does that mean you fail to see the replies on ipsec0, but you do see them coming in on eth1? Be as precise as you can. If you saw the replies on ipsec0, I'd suspect ipsec; otherwise, firewall rules.

> One told me to set the leftsubnet to 0.0.0.0/0 but when I do this

This is the correct configuration for what you're attempting to achieve; using "leftsubnet=0.0.0.0/0" (where left represents the gateway) will secure all traffic between gateway and client.

Your problem may not lie with IPsec configuration. I'd suspect firewall/misconfigured NAT rules; perhaps you have an unintended DROP rule, i.e. your FORWARD chain won't pass packets back to ipsec0 from eth1.

If you can't find an error in your ruleset, try this: as your winXP client pings a host on the 'net, issue "iptables -L -n -v" twice and diff the output. This will flag all the relevant firewall rules.

If you're still stuck I'd recommend you post the output of "ipsec barf" to the web and let us gander at it.

FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Tue Sep 30 04:45:20 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:34 EDT
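
The counter-diff check suggested in the message above, as an added example that is not part of the original post: it compares two saved outputs of "iptables -L -n -v" and lists only the rules and chain policies whose packet counter moved. The function names, the eth0 rule and both sample snapshots are constructed for illustration.

```sh
# Added example: list rules whose packet counter moved between two saved
# outputs of "iptables -L -n -v". Rules are matched by chain name and
# position, so the ruleset must not be edited between the two snapshots.
# Usage: changed_rules BEFORE_FILE AFTER_FILE
changed_rules() {
    awk '
    function note(key, p, desc) {
        if (NR == FNR) before[key] = p        # first file: remember the count
        else if ((key in before) && before[key] != p)
            printf "%s [%s -> %s pkts] %s\n", chain, before[key], p, desc
    }
    /^Chain / {                               # e.g. Chain FORWARD (policy DROP 0 packets, 0 bytes)
        chain = $2; n = 0
        if ($3 == "(policy") note(chain ":policy", $5, "policy " $4)
        next
    }
    NF == 0 || $1 == "pkts" { next }          # blank lines and column headers
    {
        n++; pkts = $1
        $1 = $2 = ""; sub(/^ +/, "")          # drop pkts/bytes, keep the rule text
        note(chain ":" n, pkts, $0)
    }' "$1" "$2"
}

# Constructed sample snapshots (not taken from the thread).
sample_before() { cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   840 ACCEPT     all  --  ipsec0 eth1    0.0.0.0/0            0.0.0.0/0
   25  2100 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
    2   168 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
EOF
}
sample_after() { cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14  1176 ACCEPT     all  --  ipsec0 eth1    0.0.0.0/0            0.0.0.0/0
   25  2100 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
    6   504 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_before > "$tmp/before"; sample_after > "$tmp/after"
    changed_rules "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
demo
```

On a live gateway, save the listing to a file before and after the client's ping and pass both files to changed_rules; a DROP line in the result is a rule that matched traffic during the test. Adding -x to the iptables command (exact counters, not used in the original message) keeps abbreviated values such as 12K from hiding small changes.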