Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ADSERG on April 04, 2003, 05:21:36 PM

Title: FREESWAN IPSEC Strange problem
Post by: ADSERG on April 04, 2003, 05:21:36 PM
Hi All

I have a strange problem here, hope someone can help.

I have a number of sites that are running ipsec between two servers; all work well without a single hitch.

However I have just installed ipsec on another site and I am getting some strange problems. I have double checked my settings and all appear correct, as I have compared it against other sites just to be sure, encryption also ok.

If I do an ifconfig on both servers, both show that ipsec is up and running and both are sending and trying to receive data, but nothing is getting through. Pings just sit there and go nowhere.

If I do an ipsec look I get evidence that it is trying to get to the other side; this is the same from both ends.

So I tried ipsec barf and get the following.

Remote0 Pluto[21795 : "gate.130.44.3.0-net.local" #104: up-client output: you must delete all user chains and flush all built-in chains. Basically I am getting a full page of this but don't really understand what it is telling me.

Eventually I am told that up-client command exited with status 1

Does anyone have any idea? Like I said, pluto is up and running.

I have tried a few ideas from this site and other sites but now have to ask the question.

Thank You

ADSERG
Title: Re: FREESWAN IPSEC Strange problem
Post by: Lloyd Keen on April 05, 2003, 11:19:26 AM
Have you tried doing #/sbin/e-smith/signal-event remoteaccess-update at both sites and then restarting IPsec with #service ipsec restart (also both ends)?
Title: Re: FREESWAN IPSEC Strange problem
Post by: ADSERG on April 07, 2003, 01:35:31 PM
Hi Lloyd

Yup, I have now, but still the same. Is this command updating everything or just each other's encryption keys?
Title: Re: FREESWAN IPSEC Strange problem
Post by: Steve Bush on April 07, 2003, 09:29:41 PM
Are the versions of SME the same on all the boxes?  If so, are you using the same IPSEC rpm version? If not, are you using the correct version of IPSEC rpm for your version of SME?
Title: Re: FREESWAN IPSEC Strange problem
Post by: Adserg on April 08, 2003, 07:01:55 PM
Hi Steve

Both ends are sme 5.1.2 running freeswan dmc-mitel-freeswan-0.4-12.noarch.rpm
It's really strange, all other sites work ok.

Have you seen a problem like this before?

regards

Adserg
Title: Re: FREESWAN IPSEC Strange problem
Post by: Steve Bush on April 08, 2003, 08:56:46 PM
Check your _updown script to verify it is the same as a working box.
I know it's kinda like a "make sure it's plugged in" question, but did you copy the correct _updown script per the howto?
Title: Re: FREESWAN IPSEC Strange problem
Post by: ADSERG on April 08, 2003, 09:14:18 PM
Hi Steve

Hmm, good question, maybe I didn't install the updown script on one of the servers.

I'll double check...

Cheers Steve

Adserg
Title: Re: FREESWAN IPSEC Strange problem
Post by: ADSERG on April 10, 2003, 01:55:20 PM
Steve

Yup it's that ok, I didn't install the updown script on one of the servers.

All working now, Cheers Steve

Regards

ADSERG
Title: Re: FREESWAN IPSEC Strange problem
Post by: Steve Bush on April 10, 2003, 07:12:40 PM
Thanks for the update.  I'm glad I could help...

Steve
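
The check that resolved this thread, as an added example that is not part of the original posts: list the connections whose up-client command failed in a pluto log, then compare the local _updown script with a copy taken from a working box. The function names, the sample log lines and the file paths passed as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample of pluto log lines, modelled on the message quoted above.
sample_log() {
cat <<'EOF'
Apr  4 17:02:11 remote0 pluto[21795]: "gate.130.44.3.0-net.local" #104: up-client output: you must delete all user chains and flush all built-in chains.
Apr  4 17:02:11 remote0 pluto[21795]: "gate.130.44.3.0-net.local" #104: up-client command exited with status 1
Apr  4 17:02:40 remote0 pluto[21795]: "gate.130.44.3.0-net.local" #105: up-client command exited with status 1
Apr  4 17:03:02 remote0 pluto[21795]: "other-site" #106: IPsec SA established
EOF
}

# Read a pluto log on stdin; print "connection exit-status" once per failing connection.
updown_failures() {
    sed -n 's/.*[Pp]luto\[[0-9]*]: "\([^"]*\)" #[0-9]*: up-client command exited with status \([0-9][0-9]*\).*/\1 \2/p' | sort -u
}

# Compare this box's _updown script ($2) with a copy from a working box ($1).
# Prints one of: missing | same | differs
compare_updown() {
    ref=$1 cand=$2
    if [ ! -f "$cand" ]; then echo missing
    elif cmp -s "$ref" "$cand"; then echo same
    else echo differs
    fi
}

# Usage: sh check.sh <pluto log> <reference _updown> <local _updown>
if [ "$#" -eq 3 ]; then
    updown_failures < "$1"
    compare_updown "$2" "$3"
fi
```

A result of `missing` or `differs` on the box that logs the up-client failures points at the same cause found in this thread.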