[vpn-help] racoon & ike: Missing the last tiny bit ...
Clemens Perz
cperz at gmx.net
Fri Mar 19 12:44:35 CDT 2010
Found some switches for logging with the iked. There it says

10/03/19 18:37:21 ## : IKE Daemon, ver 2.1.6
10/03/19 18:37:21 ## : Copyright 2009 Shrew Soft Inc.
10/03/19 18:37:21 ## : This product linked OpenSSL 0.9.8g 19 Oct 2007
10/03/19 18:37:21 K! : recv X_SPDDUMP message failure ( errno = 2 )
10/03/19 18:37:48 !! : unable to locate inbound policy for init phase2

The first error comes up when I start the daemon, the second when a
connection is negotiated.

Is this just usual stuff or of some meaning? Anyhow, I guess it's the
creation and the setup of the tap device that is causing my trouble. Is
there a way to debug that too?

Thanks,
Clemens

Stefan Bauer wrote:
> On 19.03.2010 10:53, Clemens Perz wrote:
>> Hi all!
>>
>> I am suffering from a lack of genius here :))
>>
>> A debian lenny with racoon up and running serves as vpn backend.
>> Originally, I created a working configuration using the Shrewsoft client
>> for Windows, used that for a while and it still works perfectly.
>>
>> Now I want the same thing on Ubuntu Karmic, i.e. 9.10. First I just
>> installed the client, imported my existing configuration and connected
>> to the server. Everything fine, it connects, gets the config, creates
>> the tap0, sets the routes. But when I ping one of the private hosts
>> inside the vpn no packages find their way back and ping just says nothing.
>>
>> When I trace the packages with tcpdump I see that all targets return the
>> right stuff, so the ping packages are routed to the target, processed
>> and answered. The answer package has the ip of the pinged host as
>> source, the tap0 ip as target and should do fine. That happens with all
>> protocols - I see the routing working, but the requesting application
>> gets nothing.
>
> Do you see at the ubuntu client side any icmp-answers incoming at
> network layer?
>
> Does it work to ping from the vpn-server to the ubuntu client?
>
> Could you also please try if setting 1 or 0 to
> /proc/sys/net/ipv6/bindv6only does change anything?
>
> Stefan
>