[Openswan Users] android client shows public IP when sniffing ipsec0 interface (server routing issue)
Majid Khonji
majid at khonji.org
Thu Jul 1 10:32:15 EDT 2010
There is a small mistake in the problem description; let me rewrite it:
I am trying to use Android 1.6 road-warriors behind NAT.
Using protostack=klips, the Android client sends packets to ipsec0
successfully (but source IP = public IP). However, xl2tpd sends responses
back through the physical interface (based on the routing table).
On the other hand, when I try a Linux client (behind NAT as well), the
client shows a private IP inside ipsec0, and works with xl2tp just fine.
My network is:
VPN server (public dhcp address) <---> internet <---> nat GW <---> Android roadwarrior
I am using kernel 2.6.32 (patched), openswan 2.6.28dr1 (2.6.27 couldn't work
with multiple clients behind NAT!!)
I used the following iptables rules:
# iptables -t mangle -A OUTPUT -o eth0 -p udp --sport 1701 -j MARK --set-mark 2
# iptables -t mangle -A INPUT -i eth0 -p udp --dport 1701 -j MARK --set-mark 2
# ip rule
0: from all lookup local
32764: from all fwmark 0x2 lookup IPSEC
32766: from all lookup main
32767: from all lookup default
# ip route show table IPSEC
default dev ipsec0
Please help, guys.
On Thu, Jul 1, 2010 at 3:22 AM, Majid Khonji <majid at khonji.org> wrote:
> Dear all,
>
> I am trying to use Android 1.6 road-warriors behind NAT.
> Using protostack=klips, the Android client sends packets to eth0
> successfully (with source IP = public IP). However, xl2tpd sends responses
> back through the physical interface (based on the routing table).
> On the other hand, when I try a Linux client (behind NAT as well), the
> client shows a private IP inside ipsec0, and works with xl2tp.
>
> A dirty solution could be through iptables, but I am feeling lazy about
> reading the man page. If you have some, please give them to me.
>
> My network is:
>
> VPN server (public dhcp address) <---> internet <---> nat GW <---> Android roadwarrior
>
> --
> Regards,
>
> Majid Khonji
>
>
--
Regards,
Majid Khonji
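
Added example, not part of the original post: a small Python model of how the kernel walks the `ip rule` list shown above, to see which table and device a packet resolves to with and without fwmark 2. The rule list and the IPSEC table are from the post; the `local` and `main` table contents and all addresses are constructed sample values.

```python
import ipaddress
import re

# `ip rule` output copied from the post above.
IP_RULE_OUTPUT = """\
0: from all lookup local
32764: from all fwmark 0x2 lookup IPSEC
32766: from all lookup main
32767: from all lookup default
"""

# IPSEC is from the post; local and main are constructed sample tables
# using documentation address ranges (assumptions, not from the post).
TABLES = {
    "local": [("192.0.2.10/32", "lo")],
    "IPSEC": [("0.0.0.0/0", "ipsec0")],
    "main": [("192.0.2.0/24", "eth0"), ("0.0.0.0/0", "eth0")],
    "default": [],
}

RULE_RE = re.compile(r"^(\d+):\s+from all(?:\s+fwmark\s+(\S+))?\s+lookup\s+(\S+)$")

def parse_rules(text):
    """Return [(priority, fwmark or None, table)] ordered by priority."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            mark = int(m.group(2), 0) if m.group(2) else None
            rules.append((int(m.group(1)), mark, m.group(3)))
    return sorted(rules, key=lambda r: r[0])

def lookup(table, dst):
    """Longest-prefix match inside one table; returns the device or None."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def route(dst, fwmark=0):
    """Walk rules in priority order; the first table with a matching route wins."""
    dst = ipaddress.ip_address(dst)
    for prio, mark, table in parse_rules(IP_RULE_OUTPUT):
        if mark is not None and mark != fwmark:
            continue  # fwmark rule does not apply to this packet
        dev = lookup(table, dst)
        if dev:
            return prio, table, dev
    return None
```

The model covers only the rule walk and table lookup; it assumes the mark is already on the packet at the moment the routing decision is made.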