<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi All,<br>
<br>
My partner's father and I have set up a VPN so we can access
each other's internal networks.<br>
<br>
Our topology is as follows (example):<br>
<br>
<pre>
Client A    ->    Server A    <->    Server B    <-    Client B
192.168.1.6       192.168.1.1        192.168.0.1       192.168.0.6
</pre>
eth0: External IP<br>
eth1: Internal IP<br>
<br>
Client A can ping and access Server B and Client B<br>
Client B can ping and access Server A and Client A<br>
<br>
Server A cannot ping or access Server B and Client B<br>
Server B cannot ping or access Server A and Client A<br>
<br>
Firewall on Server A is set to fully allow Server B's public IP<br>
Firewall on Server B is set to fully allow Server A's public IP<br>
<br>
We are using NETKEY with PSK<br>
<br>
Here is my ipsec.conf (with public IPs removed):<br>
<pre>
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    nat_traversal=yes
    oe=off
    protostack=netkey
    plutostderrlog=/tmp/pluto.log

conn Tunnel-to-Millers
    type=tunnel
    auth=esp
    authby=secret
    left=a.b.c.d (Server A's Public IP)
    leftsubnet=192.168.1.0/24
    right=w.x.y.z (Server B's Public IP)
    rightsubnet=192.168.0.0/24
    esp=3des-md5
    rekey=yes
    keyingtries=3
    keyexchange=ike
    auto=start
</pre>
<br>
I'm not sure if it's routing or masquerading or something else, but when
running a traceroute to 192.168.0.6 from Server A, the requests go out
through Server A's public IP:<br>
<pre>
root@Nelson:~# ping 192.168.0.6
PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.
^C
--- 192.168.0.6 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5039ms
</pre>
If I ping forcing the interface to eth1 (internal), they go through:<br>
<pre>
root@Nelson:~# ping -Ieth1 192.168.0.6
PING 192.168.0.6 (192.168.0.6) from 192.168.1.1 eth1: 56(84) bytes of data.
64 bytes from 192.168.0.6: icmp_seq=1 ttl=63 time=34.2 ms
64 bytes from 192.168.0.6: icmp_seq=2 ttl=63 time=18.7 ms
64 bytes from 192.168.0.6: icmp_seq=3 ttl=63 time=16.7 ms
64 bytes from 192.168.0.6: icmp_seq=4 ttl=63 time=20.0 ms
^C
--- 192.168.0.6 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 16.716/22.457/34.252/6.916 ms
</pre>
<br>
Server A runs a DNS server which needs to pass requests for one of
our domains to a DNS server on the 192.168.0.0 network.<br>
<br>
Any help would be appreciated.<br>
<pre class="moz-signature" cols="72">--
Regards,
Ryan Davies</pre>
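<p>Added example, not part of Ryan's post or of Openswan: a small shell check for the symptom the two pings above show. With NETKEY the kernel's IPsec policy only matches packets whose source address falls inside the leftsubnet selector (192.168.1.0/24 here). When Server A itself originates a packet to 192.168.0.6, the default route on eth0 makes the kernel pick the public IP as source, so the packet never matches the policy and leaves unprotected or unanswered; forcing eth1 picks 192.168.1.1 and the policy applies. The script parses the <code>src</code> field of an <code>ip route get</code> line and tests it against the selector. The two route lines and the 203.0.113.x public addresses are constructed placeholders.</p>

```shell
#!/bin/sh
# Added example (editor's code, not from the post): does the source address
# the kernel would pick for a destination fall inside the IPsec selector?

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Return 0 if address $1 lies inside CIDR $2 (e.g. 192.168.1.0/24).
in_subnet() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Extract the "src" field from one line of `ip route get <dst>` output.
route_src() {
    echo "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Report whether the selector covers the chosen source. Returns 0 only when
# the source is inside leftsubnet, i.e. the packet would enter the tunnel.
check_policy() {
    dst=$1; route_line=$2; leftsubnet=$3
    src=$(route_src "$route_line")
    if [ -n "$src" ] && in_subnet "$src" "$leftsubnet"; then
        echo "covered: $src -> $dst matches leftsubnet $leftsubnet"
        return 0
    fi
    echo "uncovered: source '$src' for $dst is outside $leftsubnet;" \
         "host-originated traffic will not enter the tunnel"
    return 1
}

# Constructed sample output of `ip route get 192.168.0.6` on Server A.
# Without a specific route the default route on eth0 wins and the public
# address (placeholder 203.0.113.10) is chosen as source.
SAMPLE_BAD='192.168.0.6 via 203.0.113.1 dev eth0 src 203.0.113.10'
# Constructed sample of what `ping -Ieth1` effectively uses as source.
SAMPLE_GOOD='192.168.0.6 dev eth1 src 192.168.1.1'

check_policy 192.168.0.6 "$SAMPLE_BAD" 192.168.1.0/24 || :
check_policy 192.168.0.6 "$SAMPLE_GOOD" 192.168.1.0/24
```

<p>To use it on the real box, feed <code>check_policy</code> the first line of <code>ip route get 192.168.0.6</code> run on Server A. If the source comes back uncovered, the usual Openswan remedy (my suggestion, not something the post tried) is to add <code>leftsourceip=192.168.1.1</code> and <code>rightsourceip=192.168.0.1</code> to the conn, which installs a route that sources host-originated traffic to the remote subnet from the internal address so it matches the selector. After restarting the connection, confirm with <code>ip xfrm policy</code> that the selectors cover the traffic before relying on it being encrypted.</p>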
</body>
</html>