<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Hello,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Although this may not be an OpenSwan question
directly it is VPN related. Below is my network setup.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Gateway --- Bridge --- Office Subnet (.224/28)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>
|<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>
|<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>
|<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> VPN
(OpenSwan)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>G/W IP: .225<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Bridge IP: .233<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>My IP: .229<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>NetMask: 255.255.255.240 (/28)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Now what I was trying to setup was the ability for
me to take my box home sometimes set it up on my internal network and VPN into
the bridge and recapture my old office IP. (.229). The connection
establishes ok, and I get my IP ok. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Here comes the weird parts :P.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Ping From Home To Bridge (.229 -> .233) OK<o:p></o:p></span></font></p>
<p class=MsoNormal><st1:place w:st="on"><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Ping</span></font></st1:place><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
>From Bridge To Home (.233 -> .229) FAILED<o:p></o:p></span></font></p>
<p class=MsoNormal><st1:place w:st="on"><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Ping</span></font></st1:place><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
>From Other To Home (.234 -> .229) FAILED<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>TCPDump On ppp0
(.229 -> .233) No Traffic
Displayed But Ping Works ?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>TCPDump On ppp0
(.233 -> .229) Outgoing
packet shown, no response, ping fails<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>TCPDump On ppp0
(.234 -> .229) No Traffic
Displayed, Destination Host Unreachable, ping fails<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Furthermore, I can ping the bridge from home but I
can’t ping my pc (at home) from any PC on the subnet (bridge included) any
other PC in the subnet and any pc on the subnet cannot ping my ip. When I
do a TCPdump I can see traffic on ppp0 but nothing-related on br0.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Just for some more background information, the
bridge is essentially just transparently doing HTTP caching, POP3/SMTP
scanning, and firewalling. I’ll tested pings without any firewall
rules in place so I know its not a firewall issue. (ACCEPT on the forward/input/output
chains). I’m running on the 2.6 kernel with OpenSwan 2.0 but I doubt
that matters since the VPN establishes fine.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Any ideas?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><st1:place w:st="on"><st1:PlaceName w:st="on"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>ROUTE</span></font></st1:PlaceName><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
<st1:PlaceName w:st="on">INFO</st1:PlaceName> <st1:PlaceName w:st="on">FOR</st1:PlaceName>
<st1:PlaceType w:st="on">BRIDGE</st1:PlaceType></span></font></st1:place><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
(NO VPN CONNECTED):<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Destination
Gateway
Genmask Flags Metric
Ref Use Iface<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>XXX.XX.XXX.224
0.0.0.0 255.255.255.240
U 0
0 0 br0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>0.0.0.0
XXX.XX.XXX.225 0.0.0.0
UG 0
0 0 br0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><st1:place w:st="on"><st1:PlaceName w:st="on"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>ROUTE</span></font></st1:PlaceName><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
<st1:PlaceName w:st="on">INFO</st1:PlaceName> <st1:PlaceName w:st="on">FOR</st1:PlaceName>
<st1:PlaceType w:st="on">BRIDGE</st1:PlaceType></span></font></st1:place><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
(VPN CONNECTED):<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Destination
Gateway
Genmask Flags Metric
Ref Use Iface<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>XXX.XX.XXX.229
0.0.0.0 255.255.255.255
UH 0
0 0 ppp0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>MY.HOME.245.173 XXX.XX.XXX.225 255.255.255.255
UGH 0
0 0 br0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>XXX.XX.XXX.224 0.0.0.0
255.255.255.240 U 0
0 0 br0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>0.0.0.0
XXX.XX.XXX.225 0.0.0.0
UG 0
0 0 br0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Matt.<o:p></o:p></span></font></p>
</div>
</body>
</html>