[Openswan Users] Problem with vpn network

Paul Wouters paul at xelerance.com
Wed Jan 26 18:12:23 CET 2005


On Wed, 26 Jan 2005, Nicole.Haehnel wrote:

> now I know the problem, or a part of it.
>
> VPN1------INET-----DSL-Router----VPN2
>
> The tunnel is working between VPN1 and VPN2 until the router dials a new 
> connection.
> After this the tunnel is still up, but no packets go through it.
> Restarting ipsec is not working.

Is the router keeping some sort of state? It shouldn't. Did it change IP address?

> I configured ipsec to start the tunnel only from VPN2 behind the router.

So is VPN2 on private IP space? Do you forward proto 50 and port (4)500 udp to it?
If VPN2 is on public IP, it shouldn't matter that the router vanishes and comes back.

Try and run tcpdump to see where the packets are lost. Is VPN2 still sending them?
(I'd assume so, but let's rule out bugs in our own products first :)

> "Right" is dyndns-name, but what is rightnexthop?

The only nexthop you should fill in on VPN2 is the inside IP of the DSL router. It
shouldn't change if I got your network idea correctly.

Paul
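
The tcpdump check suggested above, as an added example that is not part of the original message: a shell function that reads `tcpdump -n` text and reports whether a gateway is still sending ESP/IKE and whether anything comes back. The function names, interface name and all addresses are assumptions; the sample lines are constructed.

```shell
# Added example. Summarise `tcpdump -n` text (default timestamps, IPv4) seen
# from one gateway. Live use, with eth0 and the count as assumptions:
#   tcpdump -n -c 50 -i eth0 'esp or udp port 500 or udp port 4500' \
#       | ipsec_flow_summary 192.168.1.10
ipsec_flow_summary() {          # $1 = this gateway's address in the capture
    awk -v me="$1" '
    $2 != "IP" { next }                          # skip ARP, IPv6, etc.
    /isakmp-nat-keep-alive/ { next }             # keepalives carry no traffic
    {
        if ($0 ~ /ESP\(spi=/)   kind = "esp"     # plain or UDP-encapsulated ESP
        else if ($0 ~ /isakmp/) kind = "ike"     # IKE on udp/500 or udp/4500
        else next
        src = $3; dst = $5; sub(/:$/, "", dst)
        # UDP lines print addr.port; keep only the four address octets
        if (split(src, s, ".") == 5) src = s[1] "." s[2] "." s[3] "." s[4]
        if (split(dst, d, ".") == 5) dst = d[1] "." d[2] "." d[3] "." d[4]
        if (src == me) tx[kind]++
        else if (dst == me) rx[kind]++
    }
    END {
        sent = tx["esp"] + tx["ike"]; got = rx["esp"] + rx["ike"]
        if (sent == 0)     verdict = "not-sending"
        else if (got == 0) verdict = "sent-no-reply"
        else               verdict = "two-way"
        printf "esp_tx=%d esp_rx=%d ike_tx=%d ike_rx=%d verdict=%s\n",
               tx["esp"], rx["esp"], tx["ike"], rx["ike"], verdict
    }'
}

sample_capture() {              # constructed lines, as seen on VPN2 after a redial
    cat <<'EOF'
18:00:01.000000 IP 192.168.1.10.500 > 198.51.100.7.500: isakmp: phase 1 I ident
18:00:02.000000 IP 192.168.1.10 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x2a), length 116
18:00:03.000000 IP 192.168.1.10 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x2b), length 116
18:00:04.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
EOF
}

sample_capture | ipsec_flow_summary 192.168.1.10
```

A `sent-no-reply` verdict on VPN2 means the gateway is still transmitting, so the next capture point is the router's outside interface or VPN1.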