[Openswan Users] OpenSWAN to Cisco Concentrator 3005 ??
Svavar Örn Eysteinsson
svavar at atom01.is
Thu Dec 15 09:10:16 CET 2005
Hi All.
I recently installed a Fedora Core 4 linux test machine.
My main goal was to configure a IPSec tunnel with OpenSwan to a remote
office
connected to Cisco Concentrator 3005 box.
Well, I have the connection working but the problem is that I can only
communicate to 1 IPaddress. That is the LAN address of the remote VPNServer.
This is my setup.
(A) - Left Side (Cisco Concentrator 3005 / IP Address: 10.100.0.1/24)
======================================================================
left=62.62.62.62 (Public IPaddress)
leftnexthop=62.62.62.60 (Router)
leftsubnet=10.100.0.0/24 (Local LAN)
(B) - Right Side (OpenSwan / IP Address : 192.168.1.42/24
======================================================================
right=72.72.72.72 (Public IPaddress)
rightnexthop=72.72.72.70 (Router)
rightsubnet=192.168.1.0/24 (Local LAN)
And here is my connection.conf profile :
conn cisco
tpye=tunnel
keyingtries=0
authby=secret
left=62.62.62.62
leftnexthop=62.62.62.60
leftsubnet=10.100.0.0/24
right=72.72.72.72
rightnexthop=72.72.72.70
rightsubnet=192.168.1.0/24
ikelifetime=8h
auto=start
And this is my ipsec.conf :
version 2.0
config setup
nat_traversal=yes
uniqueids=yes
interfaces=%defaultroute
plutowait=no
My OpenSwan box is configured with 2 interfaces. The Eth0(public) connected
straight to the internet and the Eth1(LAN) connected to a switch on the
192.168.1.0/24 network.
The Default Gateway on the machine is 72.72.72.70 trough eth0 interface.
So my routing table looks like :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
72.72.72.64 * 255.255.255.192 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
10.100.0.0 72.72.72.70 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 72.72.72.70 0.0.0.0 UG 0 0 0 eth0
So the problem is, I go to my workstation(running Windows XP) and add a
static route with the following command :
route add 10.100.0.0 mask 255.255.255.0 192.168.1.42 metric 1
I can sucessfully ping 10.100.0.1 from my Windows XP workstation, but
when I whant to ping for an example 10.100.0.5 which i know exists and
serves as a server on the remote lan, I don't get any answers.
This problem is vice versa. That means, if I go to the Web Interface on the
Concentrator Box and ping 192.168.1.42 it is successful. But if i ping
192.168.1.10(that serves as a server on the Remote LAN) I don't get any
response.
Any idea good people? Anyone out there sucessfully configured IPSec tunnel
with Free/OpenSWAN and Concentrator box?
Does it matter wich is Left/Right? e.g. OpenSWAN is Left and Cisco
Right? Or Vice/versa
I'm really stuck.
Thanks.
Best regards,
Svavar Orn
svavar at atom01.is
Reykjavik - Iceland
_______________________________________________
More information about the Users
mailing list