[Openswan Users] VPN Traffic Not Routed

Matthew Richer matthew at velocitecinc.com
Tue Aug 22 11:07:10 EDT 2006


Further to the previous email here is the route information when my box is
connected at home.  The thing that I notice is weird is the bridge IP gets
assigned to my internal gateway as opposed to the WAN Miniport interface.
Anyways, just wanted to add that.

 

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.5       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.5     192.168.1.5       20
      192.168.1.5  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255      192.168.1.5     192.168.1.5       20
     XXX.XX.XXX.0    255.255.255.0   XXX.XX.XXX.229  XXX.XX.XXX.229       1
   XXX.XX.XXX.229  255.255.255.255        127.0.0.1       127.0.0.1       50
   XXX.XX.XXX.233  255.255.255.255      192.168.1.1     192.168.1.5       20
   XXX.XX.XXX.255  255.255.255.255   XXX.XX.XXX.229  XXX.XX.XXX.229       50
        224.0.0.0        240.0.0.0      192.168.1.5     192.168.1.5       20
        224.0.0.0        240.0.0.0   XXX.XX.XXX.229  XXX.XX.XXX.229       50
  255.255.255.255  255.255.255.255      192.168.1.5     192.168.1.5       1
  255.255.255.255  255.255.255.255   XXX.XX.XXX.229  XXX.XX.XXX.229       1
Default Gateway:       192.168.1.1
===========================================================================

 

Matt.

  _____

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Matthew Richer
Sent: August 22, 2006 9:59 AM
To: users at openswan.org
Subject: [Openswan Users] VPN Traffic Not Routed

 

Hello,

 

Although this may not be an OpenSwan question directly, it is VPN related.
Below is my network setup.

 

Gateway --- Bridge --- Office Subnet (.224/28)
               |
               |
               |
            VPN (OpenSwan)

G/W IP:     .225
Bridge IP:  .233
My IP:      .229
NetMask:    255.255.255.240 (/28)

 

Now what I was trying to set up was the ability for me to take my box home
sometimes, set it up on my internal network, and VPN into the bridge and
recapture my old office IP (.229).  The connection establishes OK, and I
get my IP OK.

 

Here comes the weird parts :P.

 

Ping From Home To Bridge (.229 -> .233)         OK
Ping From Bridge To Home (.233 -> .229)         FAILED
Ping From Other To Home  (.234 -> .229)         FAILED

TCPDump On ppp0          (.229 -> .233)         No Traffic Displayed But Ping Works?
TCPDump On ppp0          (.233 -> .229)         Outgoing packet shown, no response, ping fails
TCPDump On ppp0          (.234 -> .229)         No Traffic Displayed, Destination Host Unreachable, ping fails

 

Furthermore, I can ping the bridge from home, but I can't ping my PC (at
home) from any PC on the subnet (bridge included) or any other PC in the subnet,
and any PC on the subnet cannot ping my IP.  When I do a tcpdump I can see
traffic on ppp0 but nothing related on br0.

 

Just for some more background information, the bridge is essentially just
transparently doing HTTP caching, POP3/SMTP scanning, and firewalling.  I've
tested pings without any firewall rules in place, so I know it's not a
firewall issue (ACCEPT on the forward/input/output chains).  I'm running on
the 2.6 kernel with OpenSwan 2.0, but I doubt that matters since the VPN
establishes fine.

 

Any ideas?

 

ROUTE INFO FOR BRIDGE (NO VPN CONNECTED):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XXX.XX.XXX.224  0.0.0.0         255.255.255.240 U     0      0        0 br0
0.0.0.0         XXX.XX.XXX.225  0.0.0.0         UG    0      0        0 br0

ROUTE INFO FOR BRIDGE (VPN CONNECTED):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XXX.XX.XXX.229  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
MY.HOME.245.173 XXX.XX.XXX.225  255.255.255.255 UGH   0      0        0 br0
XXX.XX.XXX.224  0.0.0.0         255.255.255.240 U     0      0        0 br0
0.0.0.0         XXX.XX.XXX.225  0.0.0.0         UG    0      0        0 br0

 

 

 

Matt.
