Opened 12 years ago

Closed 12 years ago

#509 closed defect (invalid)

routing pb with openswan

Reported by: vletoux@…
Owned by: developers
Priority: normal
Milestone: 0.9/rc6
Component: packages
Version:
Keywords:
Cc:

Description

I've set up openswan on a wrt54g v1.1 with:
http://wiki.openwrt.org/IPSec
(openwrt was set up with factory reset)

Lan---------------Openwrt---internet-----firewall-------Lan
192.168.11.0/24   192.168.1.1            192.168.3.252  192.168.3.0/24

Anyone from 192.168.3.0/24 can ping and access http interface from 192.168.11.1

Some packets between 192.168.3.0/24 and 192.168.11.0/24 are dropped.

When I ping from 192.168.3.0/24 to 192.168.11.0/24 with a packet size smaller than or equal to 210 bytes, it works.
But when I ping from 192.168.3.0/24 to 192.168.11.0/24 with a packet size greater than 210 bytes, it doesn't work.

I can see the ping request and the ping reply on 192.168.11.1 with tcpdump -i ipsec0 -n but nothing goes to the firewall.

So all packets with size greater than 218 bytes from the wrt to the firewall didn't arrive.

I've tested it with 2 firewalls: an ingate firewall and an astaro firewall, and with 2 wrt54g v1.1.

Here is the ipsec.conf

conn FranceToPolska
    authby=secret
    ike=aes-md5
    esp=aes-md5
    right=<firewall ip>
    rightsubnet=192.168.3.0/24
    rightnexthop=%defaultroute
    left=<openwrt ip>
    leftsubnet=192.168.11.0/24
    leftsourceip=192.168.11.1
    leftnexthop=82.127.105.215
    auto=start

The wrt is configured with a static ip.
If I don't set leftsourceip=192.168.11.1, the packets to the lan 192.168.3.0/24 have their source ip set to the internet ip of the wrt.

Attachments (0)

Change History (1)

comment:1 Changed 12 years ago by mbm

  • Milestone set to 1.0-rc6
  • Resolution set to invalid
  • Status changed from new to closed

The ticket system is not a help desk; please use the forums instead.
