[Openswan Users] Host to net VPN question

Ivan Lopez ilopez at enress.gov.ar
Wed Mar 30 15:26:02 CEST 2005

Hi. I've just started with openswan, but I'd like to help the people who helped me. I think you have several choices:

A) To test your idea, add a route on your internal box pointing at your road warrior with your VPN box as the gateway ("route add" on Windows). If your ping succeeds, you are right: you have a routing problem, not an openswan one.

B) IPsec/L2TP (:-)). I'm using this and I can, for example, assign private IPs to my road warriors. It's easier to route that way, but it's not the only solution for this. As Jacco says, L2TP is *not* required, but it may help.

C) To be filled in by gurus. I'm sure there are more.


-----Original Message-----
From: Glenn MacGregor [mailto:gtm at highstreetnetworks.com]
Sent: Wednesday, 30 March 2005 14:00
To: Jacco de Leeuw
CC: users at openswan.org
Subject: Re: [Openswan Users] Host to net VPN question


I followed that tutorial as close to the letter as I could. I am not using a kernel that has the NAT-T patch, although I shouldn't need it because I am not behind a firewall for my current tests.

To recap:

I make the connection to the ipsec gateway using certificates. I can ping the internal interface of the ipsec gateway (I did turn forwarding on in the kernel) and get a response. If I ping another box on the internal network I get no response. I did run tcpdump on the box I am trying to ping, I see the ping come in and the pong go out. The problem (I think) is that when the ping comes in it has a public address so when any internal box tries to respond the response goes out its default gateway (not the ipsec gateway) trying to get there.

I am lost. What are my options...



Quoting Jacco de Leeuw <jacco2 at dds.nl>:

> Glenn MacGregor wrote:
> > I have been looking around for a week or so on how to create a host-to-net
> > connection from a Windows XP box to an openswan box.
> > 
> > Forgive me but I am very confused. I can make the connection from the
> > winxp box using the free ipsec tool. I can ping the internal interface
> > of the vpn box but can get no further.
> This is a normal configuration so it should work. Did you follow Nate 
> Carlson's howto to the letter?
> > What is the preferred method to handle this connection? Is it to use
> > l2tp or can I do something with iptables using NAT or something.
> L2TP is *not* required.
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl

Glenn MacGregor
HighStreet Networks
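Option A above, as an added example that is not part of the thread: a small Python simulation of the internal host's longest-prefix route lookup for the road warrior's public address, showing why the pong leaves via the LAN's default router and how a host route via the VPN box fixes it. All addresses are constructed for the example.

```python
import ipaddress

# Constructed addresses for the scenario in the thread (not real ones):
ROAD_WARRIOR = "203.0.113.7"     # public IP the road warrior's pings arrive from
VPN_GW_INTERNAL = "10.0.0.1"     # internal interface of the Openswan box
LAN_DEFAULT_GW = "10.0.0.254"    # the LAN's default router (not the VPN box)

# Routing table of an internal host as (prefix, gateway); None = directly connected.
ROUTES_BEFORE = [
    ("10.0.0.0/24", None),
    ("0.0.0.0/0", LAN_DEFAULT_GW),
]

def next_hop(routes, dst):
    """Longest-prefix-match lookup: return the gateway a packet to dst will use."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def add_host_route(routes, host, gw):
    """Equivalent of the fix in option A, as typed on the internal box:
       Windows:  route add 203.0.113.7 mask 255.255.255.255 10.0.0.1
       Linux:    ip route add 203.0.113.7/32 via 10.0.0.1
    """
    return routes + [(f"{host}/32", gw)]

def replies_reach_vpn_gw(routes, client, vpn_gw):
    """True if the internal host's replies to the VPN client go back via the VPN box."""
    return next_hop(routes, client) == vpn_gw

if __name__ == "__main__":
    # Before: reply follows the default route, so the VPN box never sees the pong.
    print("before:", next_hop(ROUTES_BEFORE, ROAD_WARRIOR))   # 10.0.0.254
    fixed = add_host_route(ROUTES_BEFORE, ROAD_WARRIOR, VPN_GW_INTERNAL)
    print("after: ", next_hop(fixed, ROAD_WARRIOR))           # 10.0.0.1
```

Adding a per-client host route on every internal box does not scale, which is why the thread's other options (making the VPN box the LAN's default gateway, or handing road warriors private addresses from the LAN range) are the usual long-term fixes.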
