From: Bernhard Held (bheld_at_mgpi.de)
Date: Mon Sep 09 2002 - 09:02:40 CDT
> The Subnet between inner-router and firewall has the
> range 192.168.51.0/24.
> ...
> Destination     Gateway         Genmask         Flags MSS Window irtt Iface
> 0.0.0.0         195.90.31.254   0.0.0.0         UG    40  0      0    eth0
> 193.159.64.92   190.91.41.254   255.255.255.255 UGH   40  0      0    ipsec0
> 190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    eth0
> 190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    ipsec0
I can't find a route to the "inner router" in the subnet 192.168.51.0/24
given above. Can you ping the hosts in 192.168.0.0/16 from the firewall? If
not, then it won't be possible through the VPN.
> up-client:)
> # connection to my client subnet coming up
> # If you are doing a custom version, firewall commands go here.
> iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
> -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
> iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
> -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
Did you configure the left/right-protoports in ipsec.conf?
Maybe you can post your ipsec.conf.
`iptables -L -nv` shows the packet counter of the rules. You can check if
the rules are hit.
tcpdump is always a big help to see if packets leave or arrive at your
firewall.
Bernhard
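
The routing check described in the message above, as an added example that is not part of the original post: it parses the quoted routing table and does a longest-prefix match to show which entry a host in 192.168.51.0/24 would use. The function names and the host address 192.168.51.1 are this example's own assumptions.

```python
import ipaddress

# Routing table as quoted in the post, with the wrapped lines rejoined.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         195.90.31.254   0.0.0.0         UG    40  0      0    eth0
193.159.64.92   190.91.41.254   255.255.255.255 UGH   40  0      0    ipsec0
190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    eth0
190.91.41.0     0.0.0.0         255.255.255.0   U     40  0      0    ipsec0
"""

def parse_routes(text):
    """Turn `route -n` style output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gateway, genmask, flags, _mss, _window, _irtt, iface = fields
        # Contiguous netmask -> prefix length (count of set bits).
        prefixlen = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefixlen}")
        routes.append({"net": net, "gateway": gateway,
                       "flags": flags, "iface": iface})
    return routes

def lookup(routes, addr):
    """Longest-prefix match; on equal prefixes the first table entry wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["net"].prefixlen)

def only_default_route(routes, addr):
    """True when nothing more specific than 0.0.0.0/0 covers addr."""
    route = lookup(routes, addr)
    return route is not None and route["net"].prefixlen == 0

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # 192.168.51.1 is a constructed host address in the inner subnet.
    for addr in ("192.168.51.1", "193.159.64.92"):
        r = lookup(routes, addr)
        print(addr, "->", r["net"], "via", r["gateway"], "dev", r["iface"],
              "(default only)" if only_default_route(routes, addr) else "")
```

With this table, a host in 192.168.51.0/24 matches only the default route on eth0, which is the missing route the reply points out.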