[Openswan Users] VPN ; - Linux as VPN client , routing problem[SOLVED]

John Joseph jjk_saji at yahoo.com
Wed Dec 6 06:27:00 EST 2006


Hi Paul,
   Thanks, I am able to connect to the VPN and
route all the traffic through ppp0. This is what I had
done after the connection was established.


#####################################################

# drop the 169.254.0.0/16 zeroconf (link-local) route
route del -net 169.254.0.0 netmask 255.255.0.0
# new default route into the tunnel, via the server's L2TP address
route add default gw 192.168.168.167 ppp0
# keep the VPN server's public IP (the IPsec/L2TP peer) reachable
# through eth0 and the LAN gateway, not through the tunnel it carries
route add -host AAA.BB.CC.DD dev eth0
route add -host AAA.BB.CC.DD gw 10.0.0.1 dev eth0
# keep the LAN gateway itself reachable on eth0
route add -host 10.0.0.1 dev eth0
# finally remove the old default route via the LAN gateway
route del default gw 10.0.0.1 dev eth0

##
AAA.BB.CC.DD ==> Public IP address of VPN server
##################################

I tried this on CentOS.
I do plan to try FreeSwan on a LinkSys router
with OpenWrt installed.
                             Thanks
                                 Joseph John









--- John Joseph <jjk_saji at yahoo.com> wrote:

> --- Paul Wouters <paul at xelerance.com> wrote:
> 
> > On Sun, 26 Nov 2006, John Joseph wrote:
> > So I am assuming you mean the client obtains an IP address,
> > and uses that IP address as the default address to talk to
> > the world, and therefore, it is all getting encrypted.
> > 
> > > From the Linux client after running
> > > echo "c L2TPserver" > /var/run/l2tp-control
> > > I am able to get the VPN connection
> > 
> > > At this stage I am able to ping to my VPN server local
> > > ip "192.168.168.167"
> > 
> > > Now after modifying the route, using command
> > >
> > > route add -net 0.0.0.0 dev ppp0
> > 
> > You should never set routing manually with IPsec. Without IPsec
> > policies in the kernel, everything you reroute into it gets
> > dropped. IPsec is not a virtual ethernet device. It is a device
> > with strong security policies.
> > 
> > Try "ping -I yourl2tpIP 192.168.168.167"
> > and ping -I yourl2tpIP someipintheworld
> > 
> > or use traceroute -s
> > (traceroute -s used to be broken on debian, not sure
> > if that is still the case)
> > 
> > In other words, I think you are just using the wrong
> > source ip address, and in fact everything is fine, you just
> > default to using the wrong ip.
> > 
> > Perhaps this will work:
> > 
> > ip route add 0.0.0.0/1 src yourl2tpip via 192.168.168.167 dev ppp0
> > ip route add 128.0.0.0/1 src yourl2tpip via 192.168.168.167 dev ppp0
> Hi
>   Thanks for the mail.
>   After the VPN connection is established
> (192.168.168.100 is my client L2TPD IP address)
>   when I give
>        ping -I 192.168.168.100 192.168.168.167 , I get a reply
> but when I give ping -I 192.168.168.100 66.94.234.13
> it does not give a reply
> 
> ####
> Now after giving
> 
> ip route add 0.0.0.0/1 src 192.168.168.100 via 192.168.168.167 dev ppp0
> ip route add 128.0.0.0/1 src 192.168.168.100 via 192.168.168.167 dev ppp0
> 
> I cannot ping or traceroute at all
> 
> ####
> 
> Now after restarting the l2tpd and getting connected,
> I tried out only
> 
> [root at localhost ~]# ip route add 0.0.0.0/1 src 192.168.168.100 via 192.168.168.167 dev ppp0
> 
> This gives me a ping reply and traceroute through the
> l2tpd IP address, only if the destination address
> is less than or equal to 126.X.X.X
> as shown below
> 
> [root at localhost ~]# traceroute 66.94.234.13
> traceroute to 66.94.234.13 (66.94.234.13), 30 hops max, 38 byte packets
>  1  192.168.168.167 (192.168.168.167)  325.840 ms  277.033 ms  264.949 ms
>  2  204-187-120-1.amah.com (204.187.120.1)  271.728 ms  262.635 ms  269.588 ms
>  3  38.112.240.89 (38.112.240.89)  270.376 ms  270.707 ms  268.068 ms
> 
> ############################################################
> 
> [root at localhost ~]#
> [root at localhost ~]# traceroute 166.94.234.13
> traceroute to 166.94.234.13 (166.94.234.13), 30 hops max, 38 byte packets
>  1  10.0.0.1 (10.0.0.1)  4.803 ms  4.834 ms  6.923 ms
>  2  213.42.8.55 (213.42.8.55)  15.158 ms  18.286 ms  18.479 ms
>  3  213.42.9.114 (213.42.9.114)  21.195 ms  20.189 ms  30.852 ms
>  4  194.170.0.138 (194.170.0.138)  18.971 ms  23.735 ms  17.470 ms
> 
> #############
> 
> [root at localhost ~]# traceroute 126.94.234.13
> traceroute to 126.94.234.13 (126.94.234.13), 30 hops max, 38 byte packets
>  1  192.168.168.167 (192.168.168.167)  306.629 ms  307.061 ms  310.109 ms
>  2  204-187-120-1.amah.com (204.187.120.1)  302.881 ms  290.212 ms  318.677 ms
>  3  38.112.240.89 (38.112.240.89)  313.269 ms  319.027 ms  321.705 ms
> 
> > 
> > This will make "more specific routes" than the default route, and
> > use your internal IP as the new "default ip for outgoing connections".
> > 
> > You could put these commands in a custom leftupdown= script.
> > (copy the one that is installed and add the commands to it)
> > 
> > Paul
> > 
> 
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
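Putting the two halves of the thread together (Paul's pair of /1 routes with a src hint, plus the host route to the VPN server's public address that John's final sequence adds), the script below is an added example, not code from the thread or from Openswan, that generates and optionally applies the iproute2 routes for a Linux L2TP/IPsec client. It uses the addresses from the thread (10.0.0.1 on eth0 as the LAN gateway, 192.168.168.100 and 192.168.168.167 as the two L2TP ends, ppp0 as the tunnel) and substitutes 203.0.113.10, a documentation address, for the AAA.BB.CC.DD placeholder; the function names parse_default_route, vpn_route_up_plan, vpn_route_down_plan and run_plan are the example's own, and the default-route line it parses is a constructed sample so the script runs as a dry run without root.

```shell
#!/bin/sh
# Added example (not from the thread or from Openswan): build the iproute2
# commands for a Linux L2TP/IPsec client that sends all traffic through ppp0.
# Two /1 routes cover 0.0.0.0/0 but are more specific than the default route,
# so they win without touching the LAN default; a /32 host route keeps the
# IKE/ESP and L2TP packets to the VPN server's public address on the LAN
# gateway instead of looping them into the tunnel they carry.

# Print "<gateway> <device>" from one line of `ip route show default` output,
# e.g. "default via 10.0.0.1 dev eth0 proto static" -> "10.0.0.1 eth0".
# Returns 1 when the line carries no gateway or no device.
parse_default_route() {
    set -- $1
    gw=""; dev=""
    while [ $# -gt 1 ]; do
        case "$1" in
            via) gw=$2 ;;
            dev) dev=$2 ;;
        esac
        shift
    done
    [ -n "$gw" ] && [ -n "$dev" ] || return 1
    echo "$gw $dev"
}

# Print, in order, the commands that send everything through the tunnel.
# Args: <VPN server public IP> <LAN gateway> <LAN device>
#       <tunnel device> <client L2TP IP> <server L2TP IP>
vpn_route_up_plan() {
    vpn_pub=$1; lan_gw=$2; lan_dev=$3; ppp_dev=$4; cli_l2tp=$5; srv_l2tp=$6
    # 1. Pin the server's public IP to the LAN gateway first; with only the /1
    #    routes in place the IPsec/L2TP packets to the server would themselves
    #    be routed into ppp0 and the tunnel would collapse.
    echo "ip route add $vpn_pub/32 via $lan_gw dev $lan_dev"
    # 2. Both halves of the address space go via the server's L2TP address;
    #    "src" makes the kernel pick the L2TP address for new outgoing flows,
    #    which is the source-address problem Paul pointed at in the thread.
    echo "ip route add 0.0.0.0/1 via $srv_l2tp dev $ppp_dev src $cli_l2tp"
    echo "ip route add 128.0.0.0/1 via $srv_l2tp dev $ppp_dev src $cli_l2tp"
}

# Undo the plan in reverse order (same arguments as vpn_route_up_plan).
vpn_route_down_plan() {
    vpn_pub=$1; lan_gw=$2; lan_dev=$3; ppp_dev=$4; srv_l2tp=$6
    echo "ip route del 128.0.0.0/1 via $srv_l2tp dev $ppp_dev"
    echo "ip route del 0.0.0.0/1 via $srv_l2tp dev $ppp_dev"
    echo "ip route del $vpn_pub/32 via $lan_gw dev $lan_dev"
}

# Run a plan read from stdin, one command per line. DRY_RUN=1 (the default)
# only echoes the commands; DRY_RUN=0 executes them and stops at the first
# failure so a half-applied plan is reported instead of silently leaking.
run_plan() {
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "[dry-run] $cmd"
        else
            sh -c "$cmd" || { echo "failed: $cmd" >&2; return 1; }
        fi
    done
}

# Demo with the thread's addresses. 203.0.113.10 (a documentation address)
# stands in for the AAA.BB.CC.DD placeholder, and the default-route line is a
# constructed sample; on a real client use "$(ip route show default)" instead
# and run with DRY_RUN=0 as root once ppp0 is up.
DEFAULT_LINE="default via 10.0.0.1 dev eth0 proto static"
set -- $(parse_default_route "$DEFAULT_LINE")
LAN_GW=$1; LAN_DEV=$2
vpn_route_up_plan 203.0.113.10 "$LAN_GW" "$LAN_DEV" ppp0 192.168.168.100 192.168.168.167 | run_plan
```

After applying the plan for real, `ip route get <server public IP>` should still answer via the LAN gateway on eth0, while `ip route get 66.94.234.13` should answer via 192.168.168.167 dev ppp0 with src 192.168.168.100; if the first check ever shows ppp0, the host route is missing and the tunnel will carry its own IPsec packets. Two caveats for anyone reusing this: the ordering matters (host route before the /1 routes), which is consistent with the thread's observation that adding both /1 routes on their own killed all connectivity; and this is plain routing, not an IPsec policy, so if ppp0 goes down its routes disappear with it and traffic quietly falls back to the unencrypted LAN default unless a firewall rule blocks that path.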



		