Thread: [Ipsec-tools-devel] tunnel problems
From: Igor P. <igo...@gm...> - 2005-02-25 19:29:27
I'm using kernel 2.6.10 and the latest ipsec-tools (ipsec-tools-0.5) on both peers of the tunnel, with manual keying. When I bring up the tunnel there are no errors or warnings from setkey, but only stations behind gateway B can reach stations behind gateway A, and gateways A and B don't talk through the tunnel.

gateway A: 200.206.162.11
gateway B: 200.158.227.11

Here's the configuration file of gateway B; on gateway A I just change -P in to -P out and -P out to -P in in the spdadd lines:

#!/usr/local/sbin/setkey -f
flush;
spdflush;

add 200.158.227.11 200.206.162.11 esp 34501 -m tunnel -E des-cbc 0x3e668603d4e088b6;
add 200.206.162.11 200.158.227.11 esp 34501 -m tunnel -E des-cbc 0x3e668603d4e088b6;

spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec
    esp/tunnel/200.158.227.11-200.206.162.17/require;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec
    esp/tunnel/200.206.162.11-200.158.227.11/require;

Thanks.

From: KOVACS K. <hi...@ba...> - 2005-02-28 09:15:33
Hi,

On Fri, 2005-02-25 at 16:29, Igor Puorro wrote:
> here's the configuration file of the gateway B, in gateway A i'm just
> change -P in by -P out and -P out by -P in , in the spdadd lines:
>
> #!/usr/local/sbin/setkey -f
> flush;
> spdflush;
>
> add 200.158.227.11 200.206.162.11 esp 34501 -m tunnel -E des-cbc
> 0x3e668603d4e088b6;
> add 200.206.162.11 200.158.227.11 esp 34501 -m tunnel -E des-cbc
> 0x3e668603d4e088b6;
>
> spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec
> esp/tunnel/200.158.227.11-200.206.162.17/require;
> spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec
> esp/tunnel/200.206.162.11-200.158.227.11/require;

You should try to add a forward policy SPD entry, something like this:

spdadd 192.168.0.0/24 192.168.1.0/24 any -P fwd ipsec
    esp/tunnel/200.206.162.11-200.158.227.11/require;

--
Regards,
Krisztian Kovacs
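
The check suggested in the reply above, as an added Python example that is not part of the original thread or of ipsec-tools: it parses a setkey file and reports every -P in policy that has no -P fwd policy with the same selectors. Going one step beyond the thread, it also reports tunnel endpoint pairs that have no matching add (SA) entry. The sample is gateway B's file as posted, with the key replaced by a constructed placeholder; parse and lint are hypothetical names.

```python
import re

# Gateway B's setkey file as posted in the thread; the key is a constructed placeholder.
GATEWAY_B = """\
#!/usr/local/sbin/setkey -f
flush;
spdflush;
add 200.158.227.11 200.206.162.11 esp 34501 -m tunnel -E des-cbc 0x0000000000000000;
add 200.206.162.11 200.158.227.11 esp 34501 -m tunnel -E des-cbc 0x0000000000000000;
spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec
    esp/tunnel/200.158.227.11-200.206.162.17/require;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec
    esp/tunnel/200.206.162.11-200.158.227.11/require;
"""
# The entry suggested in the reply.
FWD_ENTRY = """\
spdadd 192.168.0.0/24 192.168.1.0/24 any -P fwd ipsec
    esp/tunnel/200.206.162.11-200.158.227.11/require;
"""

def parse(text):
    """Hypothetical helper: return (SA endpoint pairs, policies) from a setkey file."""
    sas, policies = set(), []
    text = re.sub(r"#.*", "", text)            # drop comments and the #! line
    for stmt in text.split(";"):               # setkey statements end with ';'
        tok = stmt.split()
        if len(tok) >= 3 and tok[0] == "add":
            sas.add((tok[1], tok[2]))          # (src, dst) of the SA
        elif len(tok) >= 3 and tok[0] == "spdadd" and "-P" in tok[:-1]:
            m = re.search(r"/tunnel/([\d.]+)-([\d.]+)/", stmt)
            policies.append({"sel": (tok[1], tok[2]),
                             "dir": tok[tok.index("-P") + 1],
                             "tunnel": m.groups() if m else None})
    return sas, policies

def lint(text):
    """Hypothetical helper: list 'in' policies lacking 'fwd' and tunnels lacking an SA."""
    sas, policies = parse(text)
    fwd = {p["sel"] for p in policies if p["dir"] == "fwd"}
    findings = []
    for p in policies:
        if p["dir"] == "in" and p["sel"] not in fwd:
            findings.append("no fwd policy for %s -> %s" % p["sel"])
        if p["tunnel"] and p["tunnel"] not in sas:
            findings.append("no SA for tunnel %s -> %s" % p["tunnel"])
    return findings

if __name__ == "__main__":
    for finding in lint(GATEWAY_B):
        print("gateway B:", finding)
```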