[Openswan Users] Gateways cannot access opposite networks - Openswan NETKEY

Jax cybercorecentre at gmail.com
Fri Aug 6 04:31:38 EDT 2010


Hi

Use OpenVPN, it's much easier and better.
Companies don't use swan now either, but Cisco IOS.

Regards,
OpenSwan Team

On Fri, Aug 6, 2010 at 9:14 AM, Ryan Davies <ryan at professional.geek.nz> wrote:
> Hi All,
>
> My partner's father and I have set up a VPN so we can access each other's
> internal networks.
>
> Our topology is as follows (example):
>
>    Client A       ->    Server A      <->    Server B       <-    Client B
>    192.168.1.6          192.168.1.1          192.168.0.1          192.168.0.6
> eth0: External IP
> eth1: Internal IP
>
> Client A can ping and access Server B and Client B
> Client B can ping and access Server A and Client A
>
> Server A cannot ping or access Server B and Client B
> Server B cannot ping or access Server A and Client A
>
> Firewall on Server A is set to fully allow Server B's public IP
> Firewall on Server B is set to fully allow Server A's public IP
>
> We are using NETKEY with PSK
>
> Here is my ipsec.conf (with public IPs removed):
> # /etc/ipsec.conf - Openswan IPsec configuration file
>
> version    2.0    # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     nat_traversal=yes
>     oe=off
>     protostack=netkey
>     plutostderrlog=/tmp/pluto.log
>
> conn Tunnel-to-Millers
>     type = tunnel
>     auth=esp
>     authby=secret
>     left=a.b.c.d (Server A's Public IP)
>     leftsubnet=192.168.1.0/24
>     right=w.x.y.z (Server B's Public IP)
>     rightsubnet=192.168.0.0/24
>     esp=3des-md5
>     rekey=yes
>     keyingtries=3
>     keyexchange=ike
>     auto=start
>
> I'm not sure if it's routing or masquerading or what; when running a
> traceroute to 192.168.0.6 from Server A, the requests go out through Server
> A's public IP:
> root@Nelson:~# ping 192.168.0.6
> PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.
> ^C
> --- 192.168.0.6 ping statistics ---
> 6 packets transmitted, 0 received, 100% packet loss, time 5039ms
>
> If I ping forcing interface eth1 (internal), they go through:
> root@Nelson:~# ping -Ieth1 192.168.0.6
> PING 192.168.0.6 (192.168.0.6) from 192.168.1.1 eth1: 56(84) bytes of data.
> 64 bytes from 192.168.0.6: icmp_seq=1 ttl=63 time=34.2 ms
> 64 bytes from 192.168.0.6: icmp_seq=2 ttl=63 time=18.7 ms
> 64 bytes from 192.168.0.6: icmp_seq=3 ttl=63 time=16.7 ms
> 64 bytes from 192.168.0.6: icmp_seq=4 ttl=63 time=20.0 ms
> ^C
> --- 192.168.0.6 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3003ms
> rtt min/avg/max/mdev = 16.716/22.457/34.252/6.916 ms
>
> Server A runs a DNS server which needs to pass requests for one of our
> domains to a DNS server on the 192.168.0.0 network.
>
> Any help would be appreciated
>
> --
> Regards,
> Ryan Davies
>
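The contrast between the failing plain ping and the working `ping -Ieth1` is the usual NETKEY source-selection problem: a packet the gateway itself originates carries the public eth0 address, which lies outside leftsubnet, so it never matches the IPsec policy and leaves unencrypted. As an added diagnostic (not from this thread; the sample `ip route get` lines and the 203.0.113.10 address are constructed stand-ins for the removed public IP), the following parses `ip route get` output and tests the chosen source address against leftsubnet:

```shell
#!/bin/sh
# Added check, not from the thread: does the source address the kernel picks
# for a destination fall inside the tunnel's local subnet (leftsubnet)?
# If not, gateway-originated packets do not match the IPsec policy and leave
# in the clear via the public interface, while hosts behind the gateway
# (whose source is already inside leftsubnet) are encrypted as expected.

# ip4_to_int A.B.C.D -> unsigned 32-bit integer
ip4_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/BITS -> exit status 0 if ADDR lies inside NET/BITS
in_subnet() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xffffffff << (32 - bits)) & 0xffffffff ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# src_from_route_get "<output of: ip route get DST>" -> selected source address
src_from_route_get() {
    # e.g. "192.168.0.6 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0"
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# check_policy_src "<ip route get output>" LEFTSUBNET -> prints ok | mismatch
check_policy_src() {
    src=$(src_from_route_get "$1")
    [ -n "$src" ] || { echo "no-src"; return 1; }
    if in_subnet "$src" "$2"; then echo ok; else echo mismatch; fi
}

# Constructed samples; 203.0.113.10 (documentation range) stands in for
# Server A's removed public IP. On a live gateway run:
#   check_policy_src "$(ip route get 192.168.0.6)" 192.168.1.0/24
# "mismatch" is the thread's symptom: plain ping fails, ping -Ieth1 works.
# On the Openswan side, leftsourceip=192.168.1.1 in the conn (or a route for
# 192.168.0.0/24 carrying "src 192.168.1.1") makes the default source choice
# land inside leftsubnet, so gateway-originated traffic matches the policy.
SAMPLE_DEFAULT='192.168.0.6 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0'
SAMPLE_FORCED='192.168.0.6 dev eth1 src 192.168.1.1 uid 0'
check_policy_src "$SAMPLE_DEFAULT" 192.168.1.0/24   # mismatch
check_policy_src "$SAMPLE_FORCED" 192.168.1.0/24    # ok
```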
