<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi<font color=navy><span style='color:navy'> Users,<o:p></o:p></span></font></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I have posted one problem which I have
been facing for the past 5 days. I am in terrible situation to clear this
issue. Hope, any one can answer to my problem. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I am giving the same problem here again. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am having problem in data transfer after tunnel is
established. Actually I am having two setups. I have data transfer problem only
with the first setup. I am giving the second setup only for understanding. I will
explain these two setups as Scenario 1 and Scenario 2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Scenario 1: (With first ISP(Internet Service Provider) who
is giving Local IP address for my Laptop Connection as 10.15.23.89)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The network structure for the first scenario will be as
follows.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)--------------------Internet-------------------MyOffice_Hardware_Firewall-------------My_Office_LAN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>10.15.23.89
57.85.78.65
172.16.0.0/16<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am trying to connect my laptop as a roadwarrior to my
office LAN which is behind Hardware Firewall. I am able to establish
tunnel between my Laptop and to my office Firewall. After the tunnel is
established, if I ping from my Laptop to any one of the PCs in my office LAN, I
am not able to ping to that PC (Infact it is the case for every PC). Here the
Internet Service Provider for my Laptop connection is giving Local IP address
like 10.15.23.89. This is the first scenario. I am giving here the
ipsec.conf and ipsec.secrets for the first scenario<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<div style='border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Ipsec.conf file will be as follows:<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>left=10.15.23.89
(Local IP Address assigned to my Laptop by one ISP)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>leftsubnet=10.15.23.89/32
(Subnet of my Laptop)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>right=57.85.78.65
(Public IP or WAN IP of my office Hardware firewall)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>rightsubnet=172.16.0.0/16
(Local Subnet of my office LAN)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>keyexchange=ike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ike=3des-md5-modp1024<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>auth=esp<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>esp=3des-md5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>authby=secret<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<div style='border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ipsec.secrets fill will be as follows:<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>: PSK “sharedsecrets”<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Scenario 2: (With second ISP who is giving Public IP address
for my Laptop Connection as 117.97.103.230)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The network structure for the second scenario will be as
follows.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)--------------------Internet-------------------MyOffice_Hardware_Firewall-------------My_Office_LAN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>117.97.103.230
57.85.78.65
172.16.0.0/16<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>If I am connecting my Laptop to another ISP, I will be
connected with Public IP address of 117.97.103.230. Now I am able
to establish the tunnel and do data transfer very well between my Laptop and
any machine in my office LAN which are behind Hardware Firewall. This second
scenario has no issues at all. It is working very fine. Just for explanation
only I am giving this Second Scenario. My actual problem is the First Scenario.
The files ipsec.conf and ipsec.secrets for the second scenario will be as
follows.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<div style='border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Ipsec.conf file will be as follows:<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>left=117.97.103.230
(Public IP Address assigned to my Laptop by another ISP)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>leftsubnet=117.97.103.230/32 (Subnet
of my Laptop)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>right=57.85.78.65
(Public IP or WAN IP of my office Hardware Firewall)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>rightsubnet=172.16.0.0/16
(Local Subnet of my office LAN)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>keyexchange=ike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ike=3des-md5-modp1024<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>auth=esp<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>esp=3des-md5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>authby=secret<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<div style='border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ipsec.secrets fill will be as follows:<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>: PSK “sharedsecrets”<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>I have not given the logs because I am very well
getting IPsec Established for both the scenarios.<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 color=navy
face="Times New Roman"><span style='font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>My question is, Can
openswan support Roadwarrior assigned with Local IP ? The tunnel established
but the data transfer on both sides cannot be done. <o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>In my place, most of the ISP providers, they are
assigning Local IP Address for the Roadwarriors like </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>10.15.23.89,</span></font>10.15.90.25,
10.6.20.87 and etc. Luckily one ISP who is giving public IP address like
117.97.103.230. <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Is this issue (Scenario 1)due to Local IP address or
anything else ?<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Is there anything to add like leftid or leftsourceip,
leftnexthop in my ipsec.conf to eliminate this issue (for the scenario 1)?<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Is it possible to do data transfer (after tunnel
creation ) if I am assigned with Local IP Address by adding some settings
in my ipsec.conf /ipsec.secrets ? <o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 color=navy
face="Times New Roman"><span style='font-size:12.0pt;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Will it be the problem
like ISP is blocking ESP packets ? <o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 color=navy
face="Times New Roman"><span style='font-size:12.0pt;color:navy'>Your help is
much appreciated. </span></font><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Thanks & Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Mohamed Mydeen A<o:p></o:p></span></font></p>
<p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:
5.0pt;margin-left:0in;text-autospace:none'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>