[Openswan Users] Going beyond the dmz net
Ivan Lopez
ivan_n_lopez at hotmail.com
Mon Mar 21 11:30:27 CET 2005
Hi again, people:
I think I have a successful L2TPD/IPSEC implementation. W2K roadwarriors
establish a connection with an openswan/l2tpd/pppd server and they "are"
in the dmz lan. It was my first objective and I managed to do it with Jacco's
documentation and help from this list. Thanks to everybody.
Now I want to go deeper and use services from servers in the INTERNAL
network. There is a packet filter between DMZ and INTERNAL network. This is
my scenario (lowercase=nets, UPPERCASE=devices).
RW(10.1.8.X)----NATROUTER-------internet--------BASTIONHOST(openswan)-----dmz(192.168.3.X)-----PACKETFILTER-----internalnetwork(192.168.0.X)
I can use services from dmz, but when I try to use services from
internalnetwork it doesn't work. I'm using pings from roadwarrior to server
in internal network to test (from 10.1.8.241 to 192.168.0.50).
In that case, I can see packets arriving at the server in the internal
network, and the answer from it (from/to the right IPs).
In the packet filter, I can see echo-request and echo-reply packets. All
seems to be OK until here.
In the bastion host, I can see echo-request and echo-reply packets in the
eth1 interface (which connects it to the dmz). All seems to be OK until
here.
In ppp0 I can see only echo-requests. No echo replies.
Iptables debug in the bastion host shows an echo-reply which has IN=eth1 and
OUT=ppp0, but this packet never reaches ppp0; tcpdump in ppp0 shows only echo
requests. Then I think it is an openswan, pppd, or l2tpd problem. And it's
hard for me to debug this. I couldn't
Is it possible to do what I'm trying? If it's possible, can you tell me what
things I may change from the original configuration?
I'm using a 2.6.9 kernel with builtin ipsec, openswan 2.3.0-2 from Debian,
l2tpd 0.70-pre20031121-2 from Debian and ppp 2.4.3-20041231+2 from Debian.
Thanks in advance.
Ivan
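The symptom described in the post (the iptables LOG entry shows the echo-reply with IN=eth1 OUT=ppp0, yet tcpdump on ppp0 never sees it) is the kind of thing that is easier to pin down by correlating the two observation points per echo id/sequence rather than eyeballing the two captures. The following script is an added example, not code from the original post or from the Openswan project: it parses iptables LOG lines (as produced by a `-j LOG` rule in the FORWARD chain) and `tcpdump -ni ppp0 icmp` lines, pairs them by ICMP id and sequence number, and lists every reply that passed the netfilter FORWARD hook but never appeared on the ppp0 wire. The sample log lines, the `FWD` log prefix and the timestamps are constructed for the example and mirror the addresses in the post.

```python
# Added example (not from the original post): correlate ICMP echo sightings
# at two points on the bastion host (netfilter FORWARD LOG lines and tcpdump
# on ppp0) to localise the hop at which echo-replies disappear.
import re
from collections import defaultdict

# Constructed sample data modelled on the symptoms in the post: three pings
# from the roadwarrior (10.1.8.241) to the internal server (192.168.0.50).
# iptables LOG lines from the FORWARD chain: requests and replies both pass.
SAMPLE_IPTABLES = [
    line
    for seq in (1, 2, 3)
    for line in (
        f"Mar 21 11:02:1{seq} bastion kernel: FWD IN=ppp0 OUT=eth1 SRC=10.1.8.241 DST=192.168.0.50 "
        f"LEN=84 TOS=0x00 PREC=0x00 TTL=126 ID={seq} PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ={seq}",
        f"Mar 21 11:02:1{seq} bastion kernel: FWD IN=eth1 OUT=ppp0 SRC=192.168.0.50 DST=10.1.8.241 "
        f"LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID={seq + 100} PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ={seq}",
    )
]
# tcpdump -ni ppp0 icmp: only the requests show up, no replies (constructed).
SAMPLE_TCPDUMP_PPP0 = [
    f"11:02:1{seq}.000000 IP 10.1.8.241 > 192.168.0.50: ICMP echo request, id 512, seq {seq}, length 64"
    for seq in (1, 2, 3)
]

# iptables LOG format: the first ID= is the IP header id, the ID= after
# PROTO=ICMP is the ICMP echo identifier, which is the one we pair on.
IPT_RE = re.compile(
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r" .*?PROTO=ICMP TYPE=(?P<type>\d+) CODE=\d+ ID=(?P<id>\d+) SEQ=(?P<seq>\d+)"
)
TCPDUMP_RE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply),"
    r" id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_iptables(lines):
    """Yield (stage, kind, icmp_id, seq) for ICMP echo LOG lines; stage is 'forward'."""
    for line in lines:
        m = IPT_RE.search(line)
        if not m:
            continue
        kind = {"8": "request", "0": "reply"}.get(m["type"])
        if kind:
            yield ("forward", kind, int(m["id"]), int(m["seq"]))


def parse_tcpdump(lines, iface):
    """Yield (stage, kind, icmp_id, seq) for tcpdump echo lines; stage is the interface name."""
    for line in lines:
        m = TCPDUMP_RE.search(line)
        if m:
            yield (iface, m["kind"], int(m["id"]), int(m["seq"]))


def correlate(events):
    """Map (icmp_id, seq) -> {'request': {stages seen}, 'reply': {stages seen}}."""
    table = defaultdict(lambda: {"request": set(), "reply": set()})
    for stage, kind, icmp_id, seq in events:
        table[(icmp_id, seq)][kind].add(stage)
    return table


def lost_replies(table, path):
    """Replies seen at an earlier stage of `path` but never at its last stage.

    `path` is the order in which a reply should be observed on its way back
    to the roadwarrior, e.g. ('forward', 'ppp0'). Returns [((id, seq), last_stage_seen)].
    """
    lost = []
    for key in sorted(table):
        seen = table[key]["reply"]
        if not seen:
            continue  # reply never reached the bastion at all: the loss is upstream
        last = max(path.index(stage) for stage in seen)
        if last < len(path) - 1:
            lost.append((key, path[last]))
    return lost


def report(ipt_lines, tcpdump_lines, iface="ppp0"):
    """Correlate both captures and list replies that vanished between FORWARD and `iface`."""
    events = list(parse_iptables(ipt_lines)) + list(parse_tcpdump(tcpdump_lines, iface))
    return lost_replies(correlate(events), ("forward", iface))


if __name__ == "__main__":
    for (icmp_id, seq), last in report(SAMPLE_IPTABLES, SAMPLE_TCPDUMP_PPP0):
        print(f"echo reply id={icmp_id} seq={seq}: last seen at '{last}', never on ppp0")
```

Run against real captures by feeding `report()` the kernel log lines and the tcpdump output; an empty result means every forwarded reply made it onto the interface, while entries with last stage `forward` narrow the loss to whatever sits between the netfilter FORWARD hook and the ppp0 device on the bastion host, which is the region the post is asking about.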