[Openswan Users] Connection working, but no routing
Mike Davis
lexus03 at hotmail.com
Sun Feb 25 16:30:05 EST 2007
Hello all,
I recently decided to set up a VPN on my home network. I must say, I
struggled for quite some time, but I finally managed to successfully make an
encrypted connection to my VPN. The problem I'm experiencing is that after
connecting, I'm not able to get any of the routing to work. I get an IP
address, but can't ping anything on my private LAN. Using tcpdump, I can see
traffic going from my system to the internal hosts, but nothing ever comes
back. Here's my network layout...
Private LANs -------> Ubuntu (firewall/router/openswan) --> DSL modem (bridge) --> Internet <-- Roadwarriors

Private LANs:
    192.168.1.0/24
    192.168.2.0/24
    192.168.3.0/24

Ubuntu box interfaces:
    my.public.ip.address [ppp0]
    192.168.1.1          [eth1]
    192.168.100.1        [eth1:1]
    192.168.2.1          [eth2]
    192.168.3.1          [eth3]
The private LAN I would like to access is my 192.168.1.0/24 subnet. The way
I'm testing is that I'm trying to connect to my VPN from 192.168.3.4. I
realize this isn't an ideal test as I should try from a "roadwarrior"
connection, but for now I need to get it working this way. Like I mentioned,
I'm getting connected, just no routing is working. I've literally spent
about 15 hours on this to no avail and I can't seem to track down what I
might be doing wrong.
I was hoping that maybe someone could provide some ideas or perhaps point
out what might be wrong in my configuration.
Thanks in advance!!!
-- routing tables --
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.100.99     UGSc        7       17   ppp0
66.207.132.69      192.168.3.1        UGHS        1       10    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH         15    53334    lo0
169.254            link#5             UCS         0        0    en1
192.168.1.2        192.168.100.99     UGHW       10       10   ppp0
192.168.3/28       link#5             UCS         1        0    en1
192.168.3.1        0:60:f5:6:1d:d3    UHLW        1       17    en1   1187
192.168.3.4        127.0.0.1          UHS         0        0    lo0
192.168.100        ppp0               USc         0        0   ppp0
192.168.100.99     192.168.100.100    UH          2        0   ppp0
-- end routing tables --
-- ipsec.conf --
version 2.0

config setup
        # bind to the interface that carries the default route (ppp0 here)
        interfaces=%defaultroute
        # MTU for the ipsecN interface
        overridemtu=1200
        # allow clients behind NAT (UDP 4500 encapsulation)
        nat_traversal=yes
        # private ranges a NATed client may present as its address;
        # the L2TP address pool (192.168.100.0/24) is excluded
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.100.0/24

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

# L2TP/IPsec conns: narrow the SA to UDP (protocol 17), port 1701 on one or both ends
conn roadwarrior-l2tp
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-osx
        leftprotoport=17/1701
        rightprotoport=17/%any
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        pfs=no
        left=%defaultroute
        right=%any
        # the client is either its own address (%no) or a virtual address from virtual_private (%priv)
        rightsubnet=vhost:%no,%priv
        # load the conn and wait for the client to initiate
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
-- end ipsec.conf --
-- l2tpd.conf --
[global]
port = 1701
listen-addr = my.public.ip.address
[lns default]
ip range = 192.168.100.100-192.168.100.110
local ip = 192.168.100.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.lns
length bit = yes
-- l2tpd.conf end --
-- options.l2tpd.lns --
# accept the peer's proposed addresses for both ends of the link
ipcp-accept-local
ipcp-accept-remote
# DNS/WINS servers pushed to Windows clients
ms-dns 192.168.1.2
ms-wins 192.168.1.2
# no CCP (compression negotiation)
noccp
# require the peer to authenticate, using MS-CHAPv2
auth
+mschap-v2
crtscts
# drop the link after 30 minutes idle
idle 1800
mtu 1400
mru 1400
# do not install a default route on the server side
nodefaultroute
debug
lock
# publish a proxy ARP entry for the client's address on the LAN interface
proxyarp
# wait up to 5 s for valid PPP packets before starting negotiation
connect-delay 5000
# wait for the peer to send LCP first
silent
logfile /var/log/l2tpd.log
-- options.l2tpd.lns end --
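As an added example (not part of the original post or of Openswan), the following Python routine applies longest-prefix matching to a BSD/macOS "netstat -rn" table such as the one posted above, to show which interface and gateway a packet to a given host would use. It handles BSD's abbreviated Destination column ("127" for 127.0.0.0/8, "192.168.100" for 192.168.100.0/24, "192.168.3/28"). The sample table is transcribed from the post; the function names are this example's own.

```python
import ipaddress

# Constructed sample input: the "Internet:" section of the poster's routing table.
NETSTAT_RN = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.100.99     UGSc        7       17   ppp0
66.207.132.69      192.168.3.1        UGHS        1       10    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH         15    53334    lo0
169.254            link#5             UCS         0        0    en1
192.168.1.2        192.168.100.99     UGHW       10       10   ppp0
192.168.3/28       link#5             UCS         1        0    en1
192.168.3.1        0:60:f5:6:1d:d3    UHLW        1       17    en1   1187
192.168.3.4        127.0.0.1          UHS         0        0    lo0
192.168.100        ppp0               USc         0        0   ppp0
192.168.100.99     192.168.100.100    UH          2        0   ppp0
"""


def expand_bsd_dest(dest):
    """Turn BSD's abbreviated Destination column into an ip_network.

    BSD drops trailing zero octets: "127" is 127.0.0.0/8, "169.254" is
    169.254.0.0/16, "192.168.100" is 192.168.100.0/24. An explicit "/len"
    overrides that ("192.168.3/28"), a full dotted quad is a /32 host route,
    and "default" is 0.0.0.0/0.
    """
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    prefixlen = int(plen) if plen else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefixlen}", strict=False)


def parse_routes(text):
    """Parse netstat -rn output into (network, gateway, flags, netif) tuples.

    The gateway is kept as a string because it may be an address, a
    link-layer name ("link#5") or a MAC address.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue  # skip the header and section lines such as "Internet:"
        dest, gateway, flags, _refs, _use, netif = fields[:6]
        routes.append((expand_bsd_dest(dest), gateway, flags, netif))
    return routes


def lookup(routes, host):
    """Return (netif, gateway, matched_network) for host by longest prefix."""
    addr = ipaddress.ip_address(host)
    best = None
    for net, gateway, _flags, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    if best is None:
        raise LookupError(f"no route to {host}")
    net, gateway, netif = best
    return netif, gateway, str(net)


ROUTES = parse_routes(NETSTAT_RN)

if __name__ == "__main__":
    for host in ("192.168.1.2", "192.168.1.5", "66.207.132.69", "192.168.3.4"):
        netif, gateway, net = lookup(ROUTES, host)
        print(f"{host:>15} -> {netif:5} via {gateway:16} (matched {net})")
```

Reading the posted table this way: only 192.168.1.2 has a host route into ppp0; every other 192.168.1.x address is matched by the default route, which also points at 192.168.100.99 on ppp0, so the client side does push that traffic into the tunnel. The host route for 66.207.132.69 via 192.168.3.1 keeps the IKE and L2TP session itself on en1 instead of looping it into the tunnel, and addresses outside 192.168.3.0/28 on the local LAN also go to the default route.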