Re: ipsec problem

From: David Clymer (david_at_zettazebra.com)
Date: 10/20/04

    To: Debian-User <debian-user@lists.debian.org>
    Date: Wed, 20 Oct 2004 02:04:45 -0400
    
    

    On Tue, 2004-10-19 at 10:15, Giuseppe Sacco wrote:
    > Hi,
    > I am facing a problem with my first installation of IPSec, and I need some
    > hint :-)
    >
    > I have one firewall that also does ipsec. It is a Sarge machine, with
    > openswan, that protects a LAN with addresses 192.168.10.0/24.
    >

    The openswan list is probably the best place to ask this kind of
    question, since it's dedicated to ipsec and openswan questions. A bunch
    of folks on that list seem to be pretty familiar with debian as well. I
    may be able to offer a little advice, but those guys are the real gurus.

    > I installed a client machine, still Sarge with same software, that should
    > be able to connect to the first machine. Both machines have a public IP.
    >
    > When the connection starts, it seems that everything is okay, but then,
    > when I connect from the client to the one server inside the LAN, I see
    > that the client machine is sending all packets not encrypted directly to
    > the internet provider. Since they are using private IPs the provider drops
    > the packets.
    >
    > client config is
    > ---------
    > config setup
    > klipsdebug=all
    > plutodebug=none
    > interfaces="ipsec0=ppp0 ipsec1=eth1"

    Are you running KLIPS, or native IPsec? If you are not running KLIPS,
    you don't need (and cannot use) this line. What kernels are you using?
    What is the output of ipsec verify & ipsec auto --status on both hosts?
    You say that the client is having problems communicating with one host
    on the remote LAN. Can it communicate with any others? Can the gateway
    ping the client?

    -davidc
