[Ilugc] IPSEC Connection between Gateway Firewalls

~adarsh~ vpadarsh at gmail.com
Thu Jun 29 12:20:44 IST 2006


On 6/29/06, Binand Sethumadhavan <binand at gmail.com> wrote:
> On 29/06/06, ~adarsh~ <vpadarsh at gmail.com> wrote:
> > There was some misconfiguration in the subnet mask; I fixed it.
> > When I am trying to ping a machine from behind the firewall at one end
> > to one at the other end, the packets are rejected at the LAN interface
> > eth0. What may be the reason?
>
> What do you mean, when you say "rejected"? Do you get an ICMP network
> unreachable response?
Not the network unreachable, but the Destination host not reachable.
And at the firewall interface eth0 I am getting

Jun 30 06:57:47 firewallother kernel: Shorewall:lan2all:REJECT:IN=eth0
OUT=eth1 SRC=152.109.247.25 DST=192.168.1.5 LEN=84 TOS=0x00 PREC=0x00
TTL=63 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=26160 SEQ=5

>
> Your config:
>
> config setup
>       interfaces=%defaultroute
>
> conn %default
>       left=217.66.217.131
>       leftsubnet=152.109.247.0/255.255.255.240
>       leftnexthop=217.66.217.142
>
> conn firewalldxb.test.com-vpn
>       right=195.229.190.151
>       rightcert=firewalldxb.test.com.crt
>       rightsubnet=192.168.1.0/255.255.255.0
>       rightnexthop=195.229.190.145
>
> I am not sure if you need those leftnexthop/rightnexthop entries. I
> have been trying to find config file documentation for this IPSec
> package, but without much success. The main reason I believe your
> tunnel is not working is because the IPSec daemon does not bring
> up the ipsec0 interface at the end of successful P2 negotiation, and
> neither does it add routing table entries for rightsubnet into that
> tunnel interface. The reason for that looks to me as if the config
> file tells the IPSec daemon explicitly to add the routes to the
> leftnexthop/rightnexthop IPs and not the ipsec0 interface.

I have one document from Mandriva; it only talks about the GUI. Can I
attach it with mail?


-- 
Adarsh
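
Added example, not part of the original message: a check of the rejected packet in the Shorewall log entry against the leftsubnet/rightsubnet values exactly as they appear in the quoted config, to see whether both ends of the flow fall inside the tunnel's subnets. The function names are assumptions made for this example; the log line and subnets are copied from the thread.

```python
import ipaddress
import re

# Values copied from the thread: the quoted conn sections and the log entry.
LEFTSUBNET = "152.109.247.0/255.255.255.240"
RIGHTSUBNET = "192.168.1.0/255.255.255.0"
LOG_LINE = ("Jun 30 06:57:47 firewallother kernel: Shorewall:lan2all:REJECT:IN=eth0 "
            "OUT=eth1 SRC=152.109.247.25 DST=192.168.1.5 LEN=84 TOS=0x00 PREC=0x00 "
            "TTL=63 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=26160 SEQ=5")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_shorewall(line):
    """Return chain, disposition and KEY=VALUE fields of one Shorewall log line."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields = {}
    for key, value in FIELD.findall(line[m.end():]):
        # ID= appears twice (IP header, then ICMP); keep the first occurrence.
        fields.setdefault(key, value)
    return {"chain": m["chain"], "disposition": m["disposition"], **fields}


def check_against_tunnel(line, leftsubnet=LEFTSUBNET, rightsubnet=RIGHTSUBNET):
    """Report which configured tunnel subnet, if any, SRC and DST belong to."""
    entry = parse_shorewall(line)
    nets = {"leftsubnet": ipaddress.ip_network(leftsubnet),
            "rightsubnet": ipaddress.ip_network(rightsubnet)}
    result = {"chain": entry["chain"], "disposition": entry["disposition"]}
    for role in ("SRC", "DST"):
        addr = ipaddress.ip_address(entry[role])
        result[role] = next((n for n, net in nets.items() if addr in net), None)
    # The flow matches the tunnel definition only if one end is in each subnet.
    result["covered"] = {result["SRC"], result["DST"]} == {"leftsubnet", "rightsubnet"}
    return result


if __name__ == "__main__":
    print(check_against_tunnel(LOG_LINE))
```

With the values as quoted, DST falls in rightsubnet but SRC 152.109.247.25 lies outside 152.109.247.0/255.255.255.240 (which spans .0 to .15), so the logged flow does not match the tunnel's subnet pair.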