<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi again<div><br></div><div>You helped me last week in setting up a VPN that apparently went successfully, but there's a problem.</div><div><br></div><div>I remind you of my configuration: xxx.xxx.xxx.1 (my public CentOS box) <-----> yyy.yyy.yyy.2 (Juniper VPN concentrator) <---> zzz.zzz.zzz.3 (box in private LAN)</div><div><br></div><div>I can ping the machine in the remote LAN perfectly (xxx.1 to zzz.3) but cannot connect to any port through telnet. The interesting part of this is that I see the ESP traffic coming out of xxx.1, and the admin of the Juniper concentrator (yyy.2) can see my traffic coming through, as can the guy at the zzz.3 box (private LAN).</div><div><br></div><div>But this guy (zzz.3) sees the connection dropping each time. See example:</div><div><br></div><div><font size="2" face="sans-serif">[admwsph@WebSphere2pt ~]$ while true; do netstat -na | grep 9082; sleep 3; done</font> <br><font size="2" face="sans-serif">tcp 0 0 zzz.zzz.zzz.3:9082 xxx.xxx.xxx.1:46650 <b>SYN_RECV </b> </font> <br><font size="2" face="sans-serif">tcp 0 0 :::9082 :::* LISTEN </font></div><div><font size="2" face="sans-serif"><br></font></div><div><font size="2" face="sans-serif">This command is run on zzz.3</font></div><div><br></div><div>Do you have any idea what could be going on here?</div><div><br></div><div>Thank you very much for your help.</div><div>Regards!</div><div>RM</div><div><br><div><div>On 23/11/2010, at 14:51, Paul Wouters wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>On Tue, 23 Nov 2010, "Ing.
Rodrigo Méndez" wrote:<br><br><blockquote type="cite">This is the result from ipsec verify:<br></blockquote><br>Looks good.<br><br><blockquote type="cite">The people from the Juniper VPN concentrator say they don't see any traffic coming from our IPs, so it would seem there's no traffic coming out from Box 1<br></blockquote><blockquote type="cite">(CentOS box). The strange thing is it doesn't work even if iptables is disabled (so no blocking is apparently occurring, or at least it isn't the main<br></blockquote><blockquote type="cite">problem).<br></blockquote><blockquote type="cite">My best guess now is that I'm having a routing problem. <br></blockquote><br>I don't think so...<br><br><blockquote type="cite">Any ideas on how to tell Linux to route the packages going to zzz.zzz.zzz.3 through the tunnel? (I'm using netkey, not KLIPS)<br></blockquote><br>Manual routing should not be used. Netlink will snatch the packets.<br><br><blockquote type="cite">I can't find any route to yyy.yyy.yyy.2 or zzz.zzz.zzz.3 (the box in the private LAN) anywhere in the routing table. I'm not sure if this is OK.<br></blockquote><br>That's fine.<br><br>It seems you have one interface online. Are you behind a port forward? Is your upstream<br>router filtering packets?<br><br>Try adding forceencaps=yes?<br><br><br>Paul<br><br></div></blockquote></div><br><div>
</div>
<br></div></body></html>