Re: [suse-security] IP Tunnel in only one direction possible
From: Thomas Kerkau (Thomas.Kerkau io-software.com)
Date: Wed Apr 23 2003 - 02:06:31 CDT
Hi Peter,
this might be due to your iptables configuration. It is unlikely to be
due to your ipsec or routing config, because it works in one direction. I
would try to take down iptables, if possible. This is not secure but a
quick test. Maybe you take a look at your iptables configuration first,
and compare FW1 and FW2, keeping in mind that FW2 has an external ethX
and a pppX interface.
Some further ideas:
Maybe you try to use tcpdump on FW2, looking for the packets from Net2 or
enable logging for all packets with iptables.
Hope this helps a little but it is very difficult to guess what might be
wrong,
Thomas
> I have a big problem, that today the VPN tunnel is only usable in one
> direction.
>
> NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2)
>
> I can ping from NET1 to NET2 and get replies. (I can also use different
> other things like pcanywhere, file access to the pc's on net2,...)
>
> I cannot ping from NET2 to NET1. There is nothing in the logfiles. I can
> only see on the interface statistics that the 4 ping packets are dropped.
>
> I use on both sides:
> Freeswan 1.98b
> iptables
> Suse Linux 8.0
>
> FW1: static IP addresses, SDSL Connection
> FW2: dynamic IP addresses, SDSL PPPoE Connection
>
> I'm really stuck and help will be appreciated.
>
> Thanks
>
> Peter
--
----- < iO > ---------------------------------------------------------
Interactive Objects Software GmbH
mailto:Thomas.Kerkau io-software.com
http://www.io-software.com
Basler Strasse 65, D-79100 Freiburg, Germany
Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
----------------------------------------------------------------------
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help suse.com
Security-related bug reports go to security suse.de, not here
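An added example, not part of the original thread: one way to carry out the tcpdump and iptables logging checks suggested in the reply on FW2 without taking the firewall down. The interface names (ppp0, ipsec0), the two subnets, the log prefixes and the function names are assumptions for illustration; by default the script only prints the commands and runs them only when APPLY=1.

```shell
#!/bin/sh
# Added diagnostic sketch for FW2; not part of the original thread.
# Assumptions (adjust to the site): ppp0 is the external PPPoE interface,
# ipsec0 is the FreeS/WAN (KLIPS) virtual interface, and the two subnets
# below are constructed placeholders for NET1 and NET2.
EXT_IF="${EXT_IF:-ppp0}"
IPSEC_IF="${IPSEC_IF:-ipsec0}"
NET1="${NET1:-192.168.1.0/24}"
NET2="${NET2:-192.168.2.0/24}"

# Print each command; execute it only when APPLY=1 (as root on FW2).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Add (-I) or remove (-D) LOG rules at the top of every filter chain for
# tunnel traffic in both directions. A packet that shows up in the log
# reached that chain; one that never shows up was lost before the
# filter table.
log_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        run iptables "$1" "$chain" -s "$NET2" -d "$NET1" \
            -j LOG --log-prefix "VPN-N2toN1-$chain:"
        run iptables "$1" "$chain" -s "$NET1" -d "$NET2" \
            -j LOG --log-prefix "VPN-N1toN2-$chain:"
    done
}

# Capture 20 packets on each side of the tunnel endpoint:
# cleartext ICMP on the ipsec interface, ESP (protocol 50) and IKE
# (UDP 500) on the external interface.
captures() {
    run tcpdump -n -c 20 -i "$IPSEC_IF" icmp
    run tcpdump -n -c 20 -i "$EXT_IF" ip proto 50 or udp port 500
}

case "${1:-}" in
    on)    log_rules -I ;;
    off)   log_rules -D ;;
    watch) captures ;;
esac
```

Run it with `on` before pinging from NET2, then `off` afterwards so the LOG rules do not stay in the ruleset.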