[Openswan Users] VPN tunnel established but could not transfer data for one roadwarrior setup and could transfer data for another roadwarrior setup
Mohamed Mydeen.A
mohamedmydeen.a at jasmin-infotech.com
Mon Apr 7 01:26:57 EDT 2008
Hi Users,
I have posted one problem which I have been facing for the past 5 days. I
am in terrible situation to clear this issue. Hope, any one can answer to
my problem.
I am giving the same problem here again.
I am having problem in data transfer after tunnel is established. Actually I
am having two setups. I have data transfer problem only with the first
setup. I am giving the second setup only for understanding. I will explain
these two setups as Scenario 1 and Scenario 2
Scenario 1: (With first ISP(Internet Service Provider) who is giving Local
IP address for my Laptop Connection as 10.15.23.89)
The network structure for the first scenario will be as follows.
My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)--------
------------Internet-------------------MyOffice_Hardware_Firewall-----------
--My_Office_LAN
10.15.23.89
57.85.78.65 172.16.0.0/16
I am trying to connect my laptop as a roadwarrior to my office LAN which is
behind Hardware Firewall. I am able to establish tunnel between my Laptop
and to my office Firewall. After the tunnel is established, if I ping from
my Laptop to any one of the PCs in my office LAN, I am not able to ping to
that PC (Infact it is the case for every PC). Here the Internet Service
Provider for my Laptop connection is giving Local IP address like
10.15.23.89. This is the first scenario. I am giving here the ipsec.conf
and ipsec.secrets for the first scenario
Ipsec.conf file will be as follows:
left=10.15.23.89 (Local IP Address assigned to my
Laptop by one ISP)
leftsubnet=10.15.23.89/32 (Subnet of my Laptop)
right=57.85.78.65 (Public IP or WAN IP of my office
Hardware firewall)
rightsubnet=172.16.0.0/16 (Local Subnet of my office LAN)
keyexchange=ike
ike=3des-md5-modp1024
auth=esp
esp=3des-md5
authby=secret
ipsec.secrets fill will be as follows:
: PSK "sharedsecrets"
Scenario 2: (With second ISP who is giving Public IP address for my Laptop
Connection as 117.97.103.230)
The network structure for the second scenario will be as follows.
My_Laptop(openswan-2.4.10_running_here_in_Suse_Linux_10.1_as_Client)--------
------------Internet-------------------MyOffice_Hardware_Firewall-----------
--My_Office_LAN
117.97.103.230
57.85.78.65 172.16.0.0/16
If I am connecting my Laptop to another ISP, I will be connected with Public
IP address of 117.97.103.230. Now I am able to establish the tunnel and do
data transfer very well between my Laptop and any machine in my office LAN
which are behind Hardware Firewall. This second scenario has no issues at
all. It is working very fine. Just for explanation only I am giving this
Second Scenario. My actual problem is the First Scenario. The files
ipsec.conf and ipsec.secrets for the second scenario will be as follows.
Ipsec.conf file will be as follows:
left=117.97.103.230 (Public IP Address assigned to my
Laptop by another ISP)
leftsubnet=117.97.103.230/32 (Subnet of my Laptop)
right=57.85.78.65 (Public IP or WAN IP of my office
Hardware Firewall)
rightsubnet=172.16.0.0/16 (Local Subnet of my office LAN)
keyexchange=ike
ike=3des-md5-modp1024
auth=esp
esp=3des-md5
authby=secret
ipsec.secrets fill will be as follows:
: PSK "sharedsecrets"
I have not given the logs because I am very well getting IPsec Established
for both the scenarios.
My question is, Can openswan support Roadwarrior assigned with Local IP ?
The tunnel established but the data transfer on both sides cannot be done.
In my place, most of the ISP providers, they are assigning Local IP Address
for the Roadwarriors like 10.15.23.89,10.15.90.25, 10.6.20.87 and etc.
Luckily one ISP who is giving public IP address like 117.97.103.230.
Is this issue (Scenario 1)due to Local IP address or anything else ?
Is there anything to add like leftid or leftsourceip, leftnexthop in my
ipsec.conf to eliminate this issue (for the scenario 1)?
Is it possible to do data transfer (after tunnel creation ) if I am assigned
with Local IP Address by adding some settings in my ipsec.conf
/ipsec.secrets ?
Will it be the problem like ISP is blocking ESP packets ?
Your help is much appreciated.
Thanks & Regards,
Mohamed Mydeen A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080407/5f64b53a/attachment-0001.html
More information about the Users
mailing list