[ProgSoc] Getting ipsec-tools to work between Ubuntu Lucid hosts

Nigel Sheridan-Smith wtfiwtz at gmail.com
Fri Jul 29 07:22:09 EST 2011


On Fri, Jul 29, 2011 at 6:36 AM, John Elliot <jj5 at jj5.net> wrote:

>
> I've restarted /etc/init.d/setkey after making changes to these files. I'm
> running tcpdump on Hope, and I SSH from Charity to Hope and see the
> following in the tcpdump logs:
>
>    18:46:11.218238 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x40): ESP(spi=0x00000201,seq=0x40), length 64
>    18:46:11.218361 IP hope > charity.progclub.org: AH(spi=0x00000300,seq=0x22): ESP(spi=0x00000301,seq=0x22), length 64
>    18:46:11.218822 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x41): ESP(spi=0x00000201,seq=0x41), length 56
>    18:46:11.232615 IP hope > charity.progclub.org: AH(spi=0x00000300,seq=0x23): ESP(spi=0x00000301,seq=0x23), length 96
>    18:46:11.233099 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x42): ESP(spi=0x00000201,seq=0x42), length 56
>    18:46:11.233205 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x43): ESP(spi=0x00000201,seq=0x43), length 96
>
> However, the SSH session just hangs there and "nothing happens". I have to
> press Ctrl+C to cancel out of the attempted SSH connection.
>
>
Can you ping? What are your configured routes?

These [1,2] may be of use... in particular, netstat should indicate packet
counts on each interface.

[1] http://www.netbsd.org/docs/network/ipsec/#pitfalls
[2] http://ipsec-tools.sourceforge.net/checklist.html

I would also temporarily disable IP Tables to see if an empty policy makes
any difference, at least to rule that out.

Cheers,

Nigel
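
An added example, not part of the original message: a Python sketch that summarises the tcpdump capture quoted above per direction (AH/ESP SPI pairs, sequence numbers, byte totals), giving the wire-level picture that the route, counter and firewall checks then build on. The function names `summarise`, `contiguous` and `bidirectional` are hypothetical; a capture only shows what was on the wire, not whether the receiving host accepted the packets.

```python
import re
from collections import defaultdict

# The six capture lines quoted in the message, re-joined where the mail wrapped them.
CAPTURE = """\
18:46:11.218238 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x40): ESP(spi=0x00000201,seq=0x40), length 64
18:46:11.218361 IP hope > charity.progclub.org: AH(spi=0x00000300,seq=0x22): ESP(spi=0x00000301,seq=0x22), length 64
18:46:11.218822 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x41): ESP(spi=0x00000201,seq=0x41), length 56
18:46:11.232615 IP hope > charity.progclub.org: AH(spi=0x00000300,seq=0x23): ESP(spi=0x00000301,seq=0x23), length 96
18:46:11.233099 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x42): ESP(spi=0x00000201,seq=0x42), length 56
18:46:11.233205 IP charity.progclub.org > hope: AH(spi=0x00000200,seq=0x43): ESP(spi=0x00000201,seq=0x43), length 96
"""

# tcpdump's one-line form for an AH header wrapping an ESP payload.
LINE = re.compile(
    r"^\s*\S+ IP (?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"AH\(spi=(?P<ah_spi>0x[0-9a-f]+),seq=(?P<ah_seq>0x[0-9a-f]+)\): "
    r"ESP\(spi=(?P<esp_spi>0x[0-9a-f]+),seq=(?P<esp_seq>0x[0-9a-f]+)\), "
    r"length (?P<length>\d+)\s*$"
)

def summarise(text):
    """Group AH+ESP packets by (src, dst); collect SPI pairs and sequence numbers."""
    flows = defaultdict(lambda: {"spis": set(), "seqs": [], "bytes": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # not an AH+ESP line (cleartext traffic, wrapped fragment, ...)
        flow = flows[(m["src"], m["dst"])]
        flow["spis"].add((int(m["ah_spi"], 16), int(m["esp_spi"], 16)))
        flow["seqs"].append(int(m["esp_seq"], 16))
        flow["bytes"] += int(m["length"])
    return dict(flows)

def contiguous(seqs):
    """True when each sequence number is exactly one above the previous one."""
    return all(b == a + 1 for a, b in zip(seqs, seqs[1:]))

def bidirectional(flows):
    """True when every (src, dst) flow has a matching (dst, src) flow."""
    return bool(flows) and all((dst, src) in flows for (src, dst) in flows)

if __name__ == "__main__":
    flows = summarise(CAPTURE)
    for (src, dst), f in flows.items():
        spis = ", ".join(f"AH {a:#x} / ESP {e:#x}" for a, e in sorted(f["spis"]))
        print(f"{src} -> {dst}: {len(f['seqs'])} pkts, {f['bytes']} bytes, "
              f"{spis}, seq contiguous={contiguous(f['seqs'])}")
    print("traffic seen in both directions:", bidirectional(flows))
```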