[Openswan Users] Host to net VPN question

Glenn MacGregor gtm at highstreetnetworks.com
Wed Mar 30 13:00:03 CEST 2005


Jacco,

I followed that tutorial as close to the letter as I could. I am not using a
kernel that has the NAT-T patch. Altough I shouldn't need it because I am not
behind a firewall for my current tests.

To recap:

I make the connection to the ipsec gateway using certificates. I can ping the
internal interface of the ipsec gateway (I did turn forwarding on in the kernel)
and get a response. If I ping another box on the internal network I get no
response. I did run tcpdump on the box I am trying to ping, I see the ping come
in and the pong go out. The problem (I think) is that when the ping comes in it
has a public address so when any internal box tries to respond the response goes
out its default gateway (not the ipsec gateway) trying to get there.

I am lost. What are my options...


Thanks

Glenn

Quoting Jacco de Leeuw <jacco2 at dds.nl>:

> Glenn MacGregor wrote:
> 
> > I have been looking around for a week or so on how to create a host-to-net
> VPN
> > connection from a windows XP box to an openswan box.
> > 
> > Forgive me but I very confused. I can make the connection from the winxp
> box
> > using the free ipsec tool. I can ping the internal interface of the vpn box
> but
> > can get no futher. 
> 
> This is a normal configuration so it should work. Did you follow Nate
> Carlson's howto to the letter?
> 
> > What is the prefered method to handle this connection? Is it to use l2tp or
> can
> > I do something with iptables using NAT or something.
> 
> L2TP is *not* required.
> 
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
> 


Glenn MacGregor
HighStreet Networks

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/


More information about the Users mailing list