[Openswan Users] VPN tunnel established but could not transfer data for one roadwarrior setup and could transfer data for another roadwarrior setup

Mohamed Mydeen.A mohamedmydeen.a at jasmin-infotech.com
Thu Apr 3 11:29:37 EDT 2008


Hi,

I am having a problem with data transfer after the tunnel is established.
Actually I have two setups. I have the data transfer problem only with the
first setup. I am giving the second setup only for understanding. I will
explain these two setups as Scenario 1 and Scenario 2.

Scenario 1: (With first ISP (Internet Service Provider) who is giving Local
IP address for my Laptop Connection as 10.15.23.89)

The network structure for the first scenario will be as follows.

My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)
  10.15.23.89
      |
  Internet
      |
MyOffice_Hardware_Firewall
  57.85.78.65
      |
My_Office_LAN
  172.16.0.0/16

I am trying to connect my laptop as a roadwarrior to my office LAN, which is
behind a hardware firewall. I am able to establish a tunnel between my laptop
and my office firewall. After the tunnel is established, if I ping from
my laptop to any one of the PCs in my office LAN, I am not able to ping
that PC (in fact, this is the case for every PC). Here the Internet Service
Provider for my laptop connection is giving a local IP address like
10.15.23.89. This is the first scenario. I am giving here the ipsec.conf
and ipsec.secrets for the first scenario.

The ipsec.conf file will be as follows:

left=10.15.23.89             # Local IP address assigned to my laptop by one ISP
leftsubnet=10.15.23.89/32    # Subnet of my laptop
right=57.85.78.65            # Public IP or WAN IP of my office hardware firewall
rightsubnet=172.16.0.0/16    # Local subnet of my office LAN
keyexchange=ike
ike=3des-md5-modp1024
auth=esp
esp=3des-md5
authby=secret

The ipsec.secrets file will be as follows:

: PSK "sharedsecrets"

Scenario 2: (With second ISP who is giving Public IP address for my Laptop
Connection as 117.97.103.230)

The network structure for the second scenario will be as follows.

My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)
  117.97.103.230
      |
  Internet
      |
MyOffice_Hardware_Firewall
  57.85.78.65
      |
My_Office_LAN
  172.16.0.0/16

If I connect my laptop to another ISP, I am connected with the public
IP address 117.97.103.230. Now I am able to establish the tunnel and do
data transfer very well between my laptop and any machine in my office LAN,
which is behind the hardware firewall. This second scenario has no issues at
all. It is working very fine. I am giving this second scenario just for
explanation. My actual problem is the first scenario. The files
ipsec.conf and ipsec.secrets for the second scenario will be as follows.

The ipsec.conf file will be as follows:

left=117.97.103.230            # Public IP address assigned to my laptop by another ISP
leftsubnet=117.97.103.230/32   # Subnet of my laptop
right=57.85.78.65              # Public IP or WAN IP of my office hardware firewall
rightsubnet=172.16.0.0/16      # Local subnet of my office LAN
keyexchange=ike
ike=3des-md5-modp1024
auth=esp
esp=3des-md5
authby=secret

The ipsec.secrets file will be as follows:

: PSK "sharedsecrets"

I have not given the logs because I am getting IPsec established for both
scenarios.

In my place, most of the ISPs assign local IP addresses to roadwarriors,
like 10.15.23.89, 10.15.90.25, 10.6.20.87, etc. Luckily there is one ISP
which gives a public IP address like 117.97.103.230. I feel that I am
facing this data transfer issue due to this local IP address.

Is this issue (Scenario 1) due to the local IP address or anything else?

Is there anything to add, like leftid, leftsourceip or leftnexthop, in my
ipsec.conf to eliminate this issue (for Scenario 1)?

Is it possible to do data transfer (after tunnel creation) if I am assigned
a local IP address, by adding some settings in my ipsec.conf /
ipsec.secrets?

Kindly give your valuable help.

Thanks & Regards,

Mohamed Mydeen A
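
Added example, not part of the original post: a small Python check of the two posted ipsec.conf fragments that flags a private `left`/`right` address (which implies NAT between the peers, the one difference between Scenario 1 and Scenario 2) and legacy algorithms in the `ike`/`esp` proposals. The function names, the `LEGACY` set and the sample strings are assumptions constructed for this example.

```python
import ipaddress
import re

# Constructed from the Scenario 1 ipsec.conf fragment in the post.
SCENARIO_1 = """\
left=10.15.23.89            (Local IP address assigned by one ISP)
leftsubnet=10.15.23.89/32
right=57.85.78.65
rightsubnet=172.16.0.0/16
ike=3des-md5-modp1024
esp=3des-md5
authby=secret
"""
# Scenario 2 differs only in the laptop address.
SCENARIO_2 = SCENARIO_1.replace("10.15.23.89", "117.97.103.230")

# Assumption of this example: algorithms a reviewer would treat as legacy.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

def parse_conn(text):
    """Return key=value pairs, ignoring '#' comments and '(...)' annotations."""
    conn = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*([^\s(#]+)", line)
        if m:
            conn[m.group(1)] = m.group(2)
    return conn

def review(conn):
    """Flag private endpoint addresses (NAT on the path) and legacy algorithms."""
    findings = []
    for side in ("left", "right"):
        try:
            addr = ipaddress.ip_address(conn.get(side, ""))
        except ValueError:
            continue  # %any, %defaultroute or a hostname: nothing to classify
        if addr.is_private:
            findings.append(f"{side}={addr} is a private address: reaching a public "
                            "peer means NAT on the path, so check that NAT "
                            "traversal (ESP in UDP) is negotiated")
    for key in ("ike", "esp"):
        hits = sorted(set(re.split(r"[-,!]", conn.get(key, "").lower())) & LEGACY)
        if hits:
            findings.append(f"{key} proposal uses legacy algorithms: {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    for name, text in (("Scenario 1", SCENARIO_1), ("Scenario 2", SCENARIO_2)):
        print(name, *review(parse_conn(text)), sep="\n  ")
```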

 
