Kay Obermueller
2006-Feb-23 03:00 UTC
Clients can use IPSec-tunnel but gateway itself can't
Hello all,

my new IPSec gateway is well underway already. But only the clients can use the tunnel. On the IPsec gateway itself it tells me: "connect: Resource temporarily unavailable" when I try to ping a host in the remote subnet. I used the same configuration from shorewall 2.1.9 which is now updated to 2.2.3 in Debian Sarge.

Can someone point me to some reading what has changed what may cause the different behaviour? Or shall I post my config here?

Kay
Ivica Glavocic
2006-Mar-01 17:36 UTC
Re: Clients can use IPSec-tunnel but gateway itself can't
----- Original Message -----
From: "Kay Obermueller" <kobermueller@web.de>
To: <shorewall-users@lists.sourceforge.net>
Sent: Thursday, February 23, 2006 4:00 AM
Subject: [Shorewall-users] Clients can use IPSec-tunnel but gateway itself can't

> Hello all,
> my new IPSec gateway is well underway already. But only the clients can
> use the tunnel. On the IPsec gateway itself it tells me:
> "connect: Resource temporarily unavailable" when I try to ping a host in
> the remote subnet. I used the same configuration from shorewall 2.1.9
> which is now updated to 2.2.3 in Debian Sarge.
> Can someone point me to some reading what has changed what may cause the
> different behaviour? Or shall I post my config here?
> Kay

Try initiating traffic from LAN interface. For example, if you have eth0 as Shorewall interface on your LAN, and eth1 your WAN side through which you are establishing IPSEC tunnel, try pinging host in remote subnet with

    ping -I eth0 remote.subnet.host.ip

Also check Shorewall logs, packets might be matching some of rules which deny that kind of traffic.

Ivica