[Openswan Users] Host to net VPN question
Glenn MacGregor
gtm at highstreetnetworks.com
Wed Mar 30 13:00:03 CEST 2005
Jacco,
I followed that tutorial as close to the letter as I could. I am not using a
kernel that has the NAT-T patch. Although I shouldn't need it because I am not
behind a firewall for my current tests.
To recap:
I make the connection to the ipsec gateway using certificates. I can ping the
internal interface of the ipsec gateway (I did turn forwarding on in the kernel)
and get a response. If I ping another box on the internal network I get no
response. I did run tcpdump on the box I am trying to ping, I see the ping come
in and the pong go out. The problem (I think) is that when the ping comes in it
has a public address so when any internal box tries to respond the response goes
out its default gateway (not the ipsec gateway) trying to get there.
I am lost. What are my options...
Thanks
Glenn
Quoting Jacco de Leeuw <jacco2 at dds.nl>:
> Glenn MacGregor wrote:
>
> > I have been looking around for a week or so on how to create a host-to-net VPN
> > connection from a windows XP box to an openswan box.
> >
> > Forgive me but I am very confused. I can make the connection from the winxp box
> > using the free ipsec tool. I can ping the internal interface of the vpn box but
> > can get no further.
>
> This is a normal configuration so it should work. Did you follow Nate
> Carlson's howto to the letter?
>
> > What is the preferred method to handle this connection? Is it to use l2tp or can
> > I do something with iptables using NAT or something.
>
> L2TP is *not* required.
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl
>
Glenn MacGregor
HighStreet Networks
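
The return-path behaviour suspected in the message above, modelled as an added example (not part of the original message or of Openswan): an internal host picks the next hop for its ping reply by longest-prefix match, so a reply to the client's public address follows the default route unless a more specific route points at the IPsec gateway. All addresses and names here are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

# Constructed sample topology (assumed values, not from the thread).
CLIENT = "203.0.113.25"      # road warrior's public address, seen as the ping source
IPSEC_GW = "192.168.1.254"   # internal interface of the IPsec gateway
DEFAULT_GW = "192.168.1.1"   # the LAN's ordinary default router

# Routing table of the internal box being pinged.
internal_host_routes = [
    ("192.168.1.0/24", "on-link"),
    ("0.0.0.0/0", DEFAULT_GW),
]

def reply_path(routes, client=CLIENT):
    """Return (next hop for the reply, whether it goes back to the IPsec gateway)."""
    hop = next_hop(routes, client)
    return hop, hop == IPSEC_GW

def with_return_route(routes, client=CLIENT):
    """Same table plus a host route sending the client's traffic to the IPsec gateway."""
    return routes + [(f"{client}/32", IPSEC_GW)]

if __name__ == "__main__":
    # Reply leaves via the default router and never re-enters the tunnel.
    print("as described:     ", reply_path(internal_host_routes))
    # A more specific route wins over 0.0.0.0/0, so the reply reaches the gateway.
    print("with return route:", reply_path(with_return_route(internal_host_routes)))
```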