[Ilugc] IPSEC Connection between Gateway Firewalls

Binand Sethumadhavan binand at gmail.com
Thu Jun 29 09:32:31 IST 2006


On 29/06/06, ~adarsh~ <vpadarsh at gmail.com> wrote:
> There was some misconfiguration in the subnet mask i fixed it.
> When i am trying to ping a machine from behind the firewall at one end
> to one at the other end the packets are rejected at the lan interface
> eth0.What may be the reson?

What do you mean, when you say "rejected"? Do you get an ICMP network
unreachable response?

Your config:

config setup
       interfaces=%defaultroute

conn %default
       left=217.66.217.131
       leftsubnet=152.109.247.0/255.255.255.240
       leftnexthop=217.66.217.142

conn firewalldxb.test.com-vpn
       right=195.229.190.151
       rightcert=firewalldxb.test.com.crt
       rightsubnet=192.168.1.0/255.255.255.0
       rightnexthop=195.229.190.145

I am not sure if you need those leftnexthop/rightnexthop entries. I
have been trying to find config file documentation for this IPSec
package, but without much success. The main reason I believe your
tunnel is not working is because that the IPSec daemon does not bring
up the ipsec0 interface at the end of successful P2 negotiation, and
neither does it add routing table entries for rightsubnet into that
tunnel interface. The reason for that looks to me as if the config
file tells the IPSec daemon explicitly to add the routes to the
leftnexthop/rightnexthop IPs and not the the ipsec0 interface.

Binand


More information about the ilugc mailing list