[Openswan Users] Going beyond the dmz net
ivan_n_lopez at hotmail.com
Mon Mar 21 11:30:27 CET 2005
Hi, again, people:
I think I have a successful L2TPD/IPSEC implementation. W2K roadwarriors
establishes a connection with an openswan/l2tpd/pppd server and they "are"
in the dmz lan. It was my first objetive and I managed to do it with Jacco's
documentation and help from this list. Thanks to everybody.
Now I want to go deeply and use services from servers in the INTERNAL
network. There is a packet filter between DMZ and INTERNAL network. This is
my scenario (lowercase=nets UPPERCASE=devices).
I can use services from dmz but when I try to use services from
internalnetwork it doesn't work I'm using pings from roadwarrior to server
in internal network to test (between 10.1.8.241 to 192.168.0.50).
In that case, I can see packets arriving to the server in the internal
network, and the answer from it (from/to the rights ips).
In the packet filter, I can see echo-request and echo-reply packets. All
seems to be OK until here.
In the bastion host, I can see echo-request and echo-reply packets in the
eth1 interface (which connects it to the dmz) . All seems to be OK until
In ppp0 I can see only echo-requests. No echo replies.
Iptables debug in the bastion host shows a echo-reply which has IN=eth1 and
OUT=ppp0 but this packet never reaches ppp0, tcpdump in ppp0 shows only echo
requests. Then I think it is a openswan, pppd, or l2tpd problem. And It's
hard to me debug this. I couldn't
It's posible to do what I trying?. If it's posible, can you tell me what
things may I change from the original configuration?.
I'm using a 2.6.9 kernel whith builtin ipsec, openswan 2.3.0-2 from Debian,
l2tpd 0.70-pre20031121-2 from Debian and ppp 2.4.3-20041231+2 from Debian.
Thanks in advance.
Charla con tus amigos en línea mediante MSN Messenger:
More information about the Users