[Openswan Users] Cannot make openswan working...
s-andy at in.if.ua
Thu May 1 20:08:58 EDT 2008
>>>> I still don't understand your setup. The server has a leftnexthop
>>>> to its own network interface?
>>> Actually, yes... Is this not good?
>> No, not good. Usually you don't need to explicitly set this parameter.
>> See man ipsec.conf.
> Without this parameter I used to lose any connectivity with the
> server (including ssh or ping) after IPSec connection had been
>>> eth1 is internal interface which does have real world IP addresses.
>> Why? It is not to be accessed from the outside, right?
> No, actually it should be accessed from outside. Even more - we have
> many machines with real world IPs in our internal network and many of
> them also should be accessed from outside. We are using firewall to
> limit this access of course...
>>> Openswan listens to 18.104.22.168. L2TP server also listens to 22.214.171.124.
>> That means you want users on the internal network to securely access
>> the Internet?
> This is not the main wish - but it would be great to have such
>>>> What is it exactly that you want to achieve? Allow VPN users in
>>>> from the Internet to the internal network? Allow VPN users on
>>>> the internal (possibly untrusted such as wireless?) network out
>>>> to the Internet?
>>> Ideally I want both... But currently I want to have VPN for external
>>> (from Internet) users.
>> If so, then currently Openswan is listening on the wrong interface.
> Actually I started to think the same way... See below.
>> I don't know if you can support both scenarios at the same time.
>> I for one have not tested this. If you are just starting with
>> Openswan and L2TP, I'd say to forget about it at this stage.
> If I forget I will never learn it. I would like to keep trying... for now.
> Have an update:
> Well... As I promised I have tried to specify another route for L2TP
> traffic. However it did not help!
> On the other side... I have found many configurations in Google using
> transport mode. And I was using tunnel mode... So I decided to give it
> a try. In the transport mode the Openswan server complains:
> route-host output: /usr/lib/ipsec/_updown: doroute `ip route add
> 126.96.36.199/32 via 188.8.131.52 dev ipsec0 ' failed (RTNETLINK answers:
> Network is unreachable)
> I just thought that such route (if possible to set) would solve my
> problem with L2TP... :) Seems you have mentioned in your doc that
> Windows requires transport mode (I can be wrong)... So now I'm going
> to try using eth0 as an interface for ipsec.
Okay, I did and now my VPN works! =)
Thank you all very much! Special thanks to you, Jacco!
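The working setup the poster ends up with (Openswan bound to the external interface eth0, transport-mode IPsec carrying L2TP, no explicit leftnexthop) written out as an ipsec.conf. This is an added example, not a file from the original thread or from the Openswan project; the address 203.0.113.10, the interface name eth0 and the pre-shared key placeholder are assumptions standing in for the poster's real values. The `route-host ... via ... dev ipsec0 ... Network is unreachable` failure quoted above is what KLIPS reports when the route it is told to add names a next hop that is not on-link for ipsec0, which is why the thread's advice was to drop leftnexthop rather than tune it.

```ini
# /etc/ipsec.conf -- added example, not the poster's or Openswan's own file.
# Assumed: eth0 is the Internet-facing interface and carries 203.0.113.10.
version 2.0

config setup
    # Bind IPsec to the external interface only. With KLIPS this attaches
    # ipsec0 to eth0; with NETKEY the usual equivalent is interfaces=%defaultroute.
    interfaces="ipsec0=eth0"
    nat_traversal=yes
    # Private ranges a NAT'ed Windows client may present as its address.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    plutodebug=none

conn L2TP-PSK
    # The Windows built-in client wraps L2TP in transport-mode IPsec,
    # not tunnel mode.
    type=transport
    authby=secret
    # Windows does not negotiate PFS or rekey the way Openswan expects.
    pfs=no
    rekey=no
    keyingtries=3
    left=203.0.113.10
    # leftnexthop is deliberately NOT set: the next hop comes from the
    # routing table. Pointing it at one of the server's own interfaces is
    # what produced the unreachable route in the thread.
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # Accept clients behind NAT (private source address) as well as
    # clients with a public address.
    rightsubnet=vhost:%priv,%no
    auto=add

# /etc/ipsec.secrets (same assumed address; replace the placeholder key):
# 203.0.113.10 %any: PSK "replace-with-a-long-random-secret"
```

After changing the file, `ipsec verify` reports the interface Pluto actually bound to and `ipsec auto --status` shows whether the conn loaded; if the conn still lists a leftnexthop, the old setting is being picked up from another included file.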