<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
If I have this right, in your terminology, LPLIP is 192.168.0.1, but
LPTPS is 192.168.0.2 so your Debian box has the same subnet on its
LAN and WAN? If so, then I believe it is doomed. The debian box also
gets a public IP by virtue of being in a DMZ but I am not sure how
this will help it. For any traffic destined for 192.168.0.x how does
the debian know if it should route the traffic to its LAN or WAN?<br>
<br>
Regards,<br>
<br>
Nick<br>
<br>
<div class="moz-cite-prefix">On 25/01/2015 14:59, Managed Pvt nets
wrote:<br>
</div>
<blockquote cite="mid:emfe75444b-ebd6-4933-9dba-c2a02885a31b@jagged"
type="cite">
<style id="eMClientCss">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
.plain pre, .plain tt { font-family: monospace; font-size: 100%; font-weight: normal; font-style: normal; }
a img { border: 0px; }body {font-family: Tahoma;font-size: 12pt;}
.plain pre, .plain tt {font-family: Tahoma;font-size: 12pt;}
<![CDATA[BLOCKQUOTE.cite {
PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
BLOCKQUOTE.cite2 {
PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; MARGIN-TOP: 3px; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
.plain PRE {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
.plain TT {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
A IMG {
BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px
}
#x68bec1acef484c7ab52f11a6e6ece67c {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain PRE {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain TT {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
BODY {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
]]></style>
<style>#xa8a56da56ac047129d9d603492cea9a6 BLOCKQUOTE.cite2
{PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; MARGIN-TOP: 3px; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px}
#xa8a56da56ac047129d9d603492cea9a6 .plain PRE, #xa8a56da56ac047129d9d603492cea9a6 .plain TT
{FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal}
#xa8a56da56ac047129d9d603492cea9a6 A IMG
{BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px}
#xa8a56da56ac047129d9d603492cea9a6 #x68bec1acef484c7ab52f11a6e6ece67c, #xa8a56da56ac047129d9d603492cea9a6 .plain PRE, #xa8a56da56ac047129d9d603492cea9a6 .plain TT, #xa8a56da56ac047129d9d603492cea9a6
{FONT-SIZE: 12pt; FONT-FAMILY: Tahoma}
</style>
<div> </div>
<div>On 24/01/2015 2:46:17 PM, "Nick Howitt" <<a
moz-do-not-send="true" href="mailto:nick@howitts.co.uk">nick@howitts.co.uk</a>>
wrote:</div>
<div> </div>
<div id="xa8a56da56ac047129d9d603492cea9a6" style="COLOR: #000000">
<blockquote class="cite2" cite="54C39419.6030109@howitts.co.uk"
type="cite">Can you give your network config as I don't
understand it from this in your logs:<br>
<blockquote><tt>000 "tunnel1":
192.168.0.0/24===192.168.0.2<192.168.0.2>[LEFT_PUBLIC_IP,+S=C]---192.168.0.1...192.168.0.1---RIGHT_PUBLIC_IP<RIGHT_PUBLIC_IP>[+S=C]===192.168.10.0/24;
prospective erouted; eroute owner: #0</tt><br>
</blockquote>
<br>
To me it is indicating your left and right public IP's have a
common gateway of 192.168.0.1 which does not make sense if you
are declaring public IP's for left and right.<br>
</blockquote>
<div>My Debian box running IPSec is using only private IPs
working as a sort of a DMZ for my LAN. The Debian then has a
point-to-point with a Cisco router that has a public IP, to
the internet. We are supposed to have a site-to-site
connection with the provider's IPSec network which is sitting
on a Microsoft Windows 2008R2 which is using Microsoft
Forefront (TMG) 2008. I will try and put a diagram below then
explain it:</div>
<div> </div>
<div> </div>
<div><lan> <==>(LPLIP) <Debian IPSec>(LPTP2)
<==> (LPTP1) <Cisco Router>(LPI)
<==> {{INTERNET}} <==> (RPI)<MS Win2008R2
Server>(RPLI) <==><lan></div>
<div> </div>
<div>Left Side</div>
<div>LPLI - Left Private LAN Interface on the Debian Server
facing the primary LAN for the network 103.1.0.0/24</div>
<div>LPTP1 - Left point to point IP - 192.168.0.2 [This is the
Debian box running Openswan IPSec on NAT] facing the Cisco
Router</div>
<div>LPTP2 - Left point to point IP - 192.168.0.1 [This is the
gw to the internet - Cisco Router]</div>
<div>LPI - Left public IP (This is sitting on the Cisco Router
acting as the border out to the internet]</div>
<div> </div>
<div>Right Side</div>
<div>RPI - Right Public IP also gateway to the internet. This is
sitting on the Microsoft Windows 2008R2 Server with MS
Forefront TMG 2008</div>
<div>RPLI - Right Private LAN interface for the network
192.168.10.0/24</div>
<div> </div>
<div>I hope this answers your questions. Many thanks for your
help,</div>
<div> </div>
<div>MPN.</div>
<blockquote class="cite2" cite="54C39419.6030109@howitts.co.uk"
type="cite"> </blockquote>
</div>
</blockquote>
<br>
</body>
</html>