[Openswan Users] Host to net VPN question

Glenn MacGregor gtm at highstreetnetworks.com
Wed Mar 30 13:47:56 CEST 2005


Ivan,

Good point. I did add the route to the internal box I am pinging... Once the
route is there I get the response from the ping.

So, as it stands right now, the way to allow a remote user (roadwarrior) full
access to my internal network via the VPN is to employ L2TP as well as IPsec.

Glenn


Quoting Ivan Lopez <ilopez at enress.gov.ar>:

> Hi. I've just started with openswan, but I'd like to help people, as people helped me. I
> think you have several choices:
> 
> A) To test your idea, add a route in your internal box pointing to your road
> warrior with the gateway set to your VPN box ("route add" if Windows). If your ping
> succeeds, you are right: you have a routing problem, not an Openswan one.
> 
> B) IPsec/L2TP (:-)). I'm using this and I can, for example, assign private IPs
> to my roadwarriors. It's easier to route that way, but it's not the only
> solution for this. As Jacco says, L2TP is *not* required, but it may
> help.
> 
> C) To be done by gurus. I'm sure there are more.
> 
> Cheers
> Ivan
> 
> 
> -----Original Message-----
> From: Glenn MacGregor [mailto:gtm at highstreetnetworks.com] 
> Sent: Wednesday, 30 March 2005 14:00
> To: Jacco de Leeuw
> CC: users at openswan.org
> Subject: Re: [Openswan Users] Host to net VPN question
> 
> 
> Jacco,
> 
> I followed that tutorial as close to the letter as I could. I am not using a
> kernel that has the NAT-T patch. Although I shouldn't need it, because I am not
> behind a firewall for my current tests.
> 
> To recap:
> 
> I make the connection to the ipsec gateway using certificates. I can ping the
> internal interface of the ipsec gateway (I did turn forwarding on in the
> kernel) and get a response. If I ping another box on the internal network I
> get no response. I did run tcpdump on the box I am trying to ping, I see the
> ping come in and the pong go out. The problem (I think) is that when the ping
> comes in it has a public address so when any internal box tries to respond
> the response goes out its default gateway (not the ipsec gateway) trying to
> get there.
> 
> I am lost. What are my options...
> 
> 
> Thanks
> 
> Glenn
> 
> Quoting Jacco de Leeuw <jacco2 at dds.nl>:
> 
> > Glenn MacGregor wrote:
> > 
> > > I have been looking around for a week or so on how to create a host-to-net VPN
> > > connection from a windows XP box to an openswan box.
> > > 
> > > Forgive me, but I am very confused. I can make the connection from the winxp box
> > > using the free ipsec tool. I can ping the internal interface of the vpn box but
> > > can get no further.
> > 
> > This is a normal configuration so it should work. Did you follow Nate 
> > Carlson's howto to the letter?
> > 
> > > What is the preferred method to handle this connection? Is it to use l2tp or can
> > > I do something with iptables using NAT or something.
> > 
> > L2TP is *not* required.
> > 
> > Jacco
> > -- 
> > Jacco de Leeuw                         mailto:jacco2 at dds.nl
> > Zaandam, The Netherlands           http://www.jacco2.dds.nl
> > 
> 
> 
> Glenn MacGregor
> HighStreet Networks
> 
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
> _______________________________________________
> Users mailing list
> Users at openswan.org http://lists.openswan.org/mailman/listinfo/users
> 


Glenn MacGregor
HighStreet Networks

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
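The asymmetric-routing problem Glenn describes in the quoted message (echo request arrives on the internal box with the roadwarrior's public source address, so the reply follows the LAN default route instead of going back to the IPsec gateway), and Ivan's option A (a host route for the roadwarrior via the VPN box), reproduced as an added example that is not part of this thread or of Openswan. It parses a constructed tcpdump capture and runs a longest-prefix-match route lookup over a constructed routing table; every address (LAN 192.168.1.0/24, VPN gateway inside 192.168.1.1, Internet router 192.168.1.254, roadwarrior 203.0.113.5) and the interface name eth0 are assumptions for the illustration.

```python
"""Why the internal host's ICMP reply never reaches the roadwarrior, and
how a host route via the VPN gateway fixes it (added example; all
addresses and the capture below are constructed, not from the thread)."""
import ipaddress
import re

# Constructed tcpdump output as seen on the internal box: the roadwarrior's
# echo request arrives with its *public* address as the source.
TCPDUMP_LINES = """\
13:47:56.101 IP 203.0.113.5 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 64
13:47:56.102 IP 192.168.1.20 > 203.0.113.5: ICMP echo reply, id 1, seq 1, length 64
""".splitlines()

ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")

# Routing table of the internal box: (network, gateway, interface).
# A gateway of None means "directly connected".
LAN_ROUTES = [
    ("192.168.1.0/24", None, "eth0"),        # the LAN itself
    ("0.0.0.0/0", "192.168.1.254", "eth0"),  # default route = Internet router
]
VPN_GATEWAY_INSIDE = "192.168.1.1"   # assumed inside address of the Openswan box
ROADWARRIOR = "203.0.113.5"          # assumed public address of the XP client


def parse_icmp(lines):
    """Return (src, dst, kind) for every ICMP echo line; other lines are ignored."""
    out = []
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def lookup(table, dst):
    """Longest-prefix match, as the kernel does it: the most specific route wins.
    Returns (next_hop, interface) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in table:
        net = ipaddress.ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        return None
    _, gw, dev = best
    return (gw if gw is not None else dst, dev)


def reply_next_hops(table, lines):
    """For each echo reply in the capture, the next hop this host sends it to."""
    return {dst: lookup(table, dst)[0]
            for _src, dst, kind in parse_icmp(lines) if kind == "reply"}


def with_host_route(table, roadwarrior=ROADWARRIOR, via=VPN_GATEWAY_INSIDE):
    """Ivan's option A: a /32 host route for the roadwarrior via the VPN box
    (the equivalent of 'route add <roadwarrior> mask 255.255.255.255 <vpn box>')."""
    return table + [(f"{roadwarrior}/32", via, "eth0")]


if __name__ == "__main__":
    # Before: the reply goes to the Internet router, which knows nothing
    # about the IPsec tunnel, so the roadwarrior never sees it.
    print("before:", reply_next_hops(LAN_ROUTES, TCPDUMP_LINES))
    # After: the /32 beats the default route, and the reply returns to the
    # Openswan box, which can put it into the tunnel.
    print("after: ", reply_next_hops(with_host_route(LAN_ROUTES), TCPDUMP_LINES))
```

The same lookup explains why option B works: if the roadwarrior is given an inner private address (via L2TP, or via a virtual IP on the IPsec side) from a range the LAN already routes through the VPN box, no per-host route is needed on the internal machines. The other route-free fix that Glenn asks about, source-NATing roadwarrior traffic to the VPN gateway's inside address with an iptables SNAT or MASQUERADE rule in the nat table's POSTROUTING chain, makes replies return to the gateway for the same reason, at the cost of hiding the client's real address from the LAN; that rule is not described in the thread and is mentioned here only as the general technique.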

