<div dir="ltr">Hello sir,<br><br>I have an OPENSWAN SERVER and a client, both in one network <a href="http://192.168.1.0/24">192.168.1.0/24</a>, and in the server there are two LAN cards, one for internal and the other for external.<br>On the server side - the internal network is <a href="http://192.168.5.0/24">192.168.5.0/24</a><br>
external LAN card IP is 1192.168.1.121 gw 192.168.1.254<br> VPN client IP range is 192.168.5.60-192.168.5.70<br> local VPN ppp interface IP is 192.168.5.10<br>
The client side is on the same network as the server's external LAN card<br> IP of the LAN card is 192.168.1.22 gw 192.168.1.254 <br><br>I have added a MASQUERADE rule on the server side. My ipsec verify output on the server side:<br>
<br><span style="color: rgb(0, 0, 102);">Checking your system to see if IPsec got installed and started correctly:</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Version check and ipsec on-path [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking for IPsec support in kernel [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);"> SAref kernel support [N/A]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);"> NETKEY: Testing XFRM related proc values [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);"> [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);"> [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking that pluto is running [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);"> Pluto listening for IKE on udp 500 [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);"> Pluto listening for NAT-T on udp 4500 [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Two or more interfaces found, checking IP forwarding [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking NAT and MASQUERADEing </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Checking for 'ip' command [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking /bin/sh is not /bin/dash [WARNING]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Checking for 'iptables' command [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Opportunistic Encryption Support [DISABLED]</span><br>
<br><br>Is any other NAT rule required on the server side to connect? <br><br><br><div class="gmail_quote">On Tue, Sep 13, 2011 at 7:17 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">On Tue, 13 Sep 2011, heta shah wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Thanks for reply,<br>
But when I add leftsourceip=192.168.5.X, where X is the IP of the other interface on the server, the client cannot establish a VPN connection with the server. On the server side<br>
this error appears in the /var/log/auth.log file<br>
</blockquote>
<br>
</div><div class="im"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
And I cannot add the leftsubnet tag. When I add leftsubnet, the client is not able to establish a connection.<br>
Is it an IPsec version problem or some configuration problem?<br>
<br>
ipsec --version<br>
Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)<br>
<br>
xl2tpd --version<br>
<br>
xl2tpd version: xl2tpd-1.2.8<br>
</blockquote>
<br></div>
I did not realise you were using L2TP, sorry. You do not use a leftsourceip= for l2tp.<br>
<br>
One way communication within l2tp is usually caused by<br>
<br>
1) the L2TP server hands out a range that is not NATed and goes out to the internet, but<br>
replies cannot be received<br>
2) the L2TP server is not the default gateway, and is not NATing, so replies never get back<br>
to it.<br>
3) a router or firewall is blocking the l2tp assigned range of addresses<br>
<br>
Also check with "ipsec verify" if you see any issues.<br><font color="#888888">
<br>
Paul</font><div><div></div><div class="h5"><br>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
On Mon, Sep 12, 2011 at 9:24 PM, Paul Wouters <<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>> wrote:<br>
On Mon, 12 Sep 2011, heta shah wrote:<br>
<br>
Please help me, am I making some error or not? I am facing this one-way communication. Is a route add required on the server side<br>
or not?? My internal network is <a href="http://192.168.5.0/24" target="_blank">192.168.5.0/24</a> and I want to apply the remote network VPN client from this network. In this setup I<br>
can communicate from client to server but I cannot communicate from server to client, but still the VPN connection is showing up.<br>
<br>
<br>
You should never attempt or need to add routes manually.<br>
<br>
You might want to add on the server a leftsourceip=192.168.5.X (X is whatever IP your server has in that range)<br>
<br>
Paul<br>
<br>
--<br>
Thanks and Regards.<br>
<br>
Heta<br>
<br>
</blockquote>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">Thanks and Regards.<br><br>Heta Shah<br><br><br><br></div><br>
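Paul's three causes and the "Checking NAT and MASQUERADEing" line in the ipsec verify output above can all be checked directly on the server. The POSIX sh script below is an added example, not code from this thread or from Openswan; the pool network is the one from the thread, while the ppp interface name and the sample rule dumps are assumptions. Each check takes command output as text, so it runs offline on captured output as well as live on the server.

```sh
# Added example, not from the thread: check an Openswan/xl2tpd server for the
# return-path problems Paul lists (forwarding off, pool not NATed, firewall
# dropping the pool). Pool network from the thread; ppp interface name assumed.

POOL="192.168.5.0/24"   # network the L2TP client pool (.60-.70) belongs to
PPP_IF="ppp0"           # assumed name of the L2TP ppp interface

# Traffic between ppp and the LAN is only forwarded when ip_forward is 1.
# Argument: contents of /proc/sys/net/ipv4/ip_forward.
forwarding_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# Causes 1 and 2: a POSTROUTING MASQUERADE/SNAT rule must cover the pool,
# either with no -s (all sources) or with -s equal to the pool network.
# Argument: output of `iptables -t nat -S POSTROUTING`.
pool_is_natted() {
    printf '%s\n' "$1" | (
        while IFS= read -r rule; do
            case "$rule" in *"-j MASQUERADE"*|*"-j SNAT"*) ;; *) continue ;; esac
            case "$rule" in
                *"-s $POOL "*) exit 0 ;;   # pool explicitly NATed
                *"-s "*) ;;                # some other source, keep looking
                *) exit 0 ;;               # no -s at all: every source is NATed
            esac
        done
        exit 1
    )
}

# Cause 3: the FORWARD chain must pass pool traffic, by policy or by an ACCEPT
# rule naming the pool or ppp interface, with no DROP/REJECT for it first.
# Argument: output of `iptables -S FORWARD`.
pool_is_forwarded() {
    printf '%s\n' "$1" | (
        policy=DROP
        while IFS= read -r rule; do
            case "$rule" in
                "-P FORWARD ACCEPT") policy=ACCEPT ;;
                *"$POOL"*|*"$PPP_IF"*) case "$rule" in
                    *"-j ACCEPT"*) exit 0 ;;
                    *"-j DROP"*|*"-j REJECT"*) exit 1 ;;
                esac ;;
            esac
        done
        [ "$policy" = ACCEPT ]
    )
}
```

On the server itself, pass the real output as root, e.g. `pool_is_natted "$(iptables -t nat -S POSTROUTING)"`; a failing check points at the matching cause in Paul's list.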
</div>