[Openswan Users] android client shows public IP when sniffing ipsec0 interface (server routing issue)

Majid Khonji majid at khonji.org
Thu Jul 1 10:37:57 EDT 2010


One thing more:
Even though I used iptables and iproute2, xl2tpd is still not happy at all.
It simply doesn't like IPsec.
When I run without the ipsec tunnel, it just damn works!!!

Using NETKEY, xl2tpd was pretty happy (but again nooo damn multiple clients
behind a shitty natttt)

On Thu, Jul 1, 2010 at 6:32 PM, Majid Khonji <majid at khonji.org> wrote:

> There is a small mistake in the problem description, let me rewrite it:
>
> I am trying to use android 1.6 road-warriors behind nat.
> Using protostack=klips, the android client sends packets to ipsec0
> successfully (but source IP = public IP). However, xl2tpd sends responses
> back through the physical interface (based on the routing table).
> On the other hand, when I try a linux client (behind nat as well), the
> client shows a private IP inside ipsec0, and works with xl2tp just fine.
>
> My network is:
>
> VPN server (public dhcp address) <---> internet <---> nat GW <---> Android
> roadwarrior
>
> I am using kernel 2.6.32 (patched), openswan 2.6.28dr1 (2.6.27 couldn't
> work with multiple clients behind nat!!)
>
>
>
> I used the following iptables rules:
>
> # iptables -t mangle -A OUTPUT -o eth0 -p udp --sport 1701 -j MARK --set-mark 2
> # iptables -t mangle -A INPUT -i eth0 -p udp --dport 1701 -j MARK --set-mark 2
>
>
> # ip rule
> 0: from all lookup local
> 32764: from all fwmark 0x2 lookup IPSEC
> 32766: from all lookup main
> 32767: from all lookup default
>
>
> # ip route show table IPSEC
> default dev ipsec0
>
>
> Please help guys.
>
>
>
>
> On Thu, Jul 1, 2010 at 3:22 AM, Majid Khonji <majid at khonji.org> wrote:
>
>> Dear all,
>>
>> I am trying to use android 1.6 road-warriors behind nat.
>> Using protostack=klips, the android client sends packets to eth0
>> successfully (with source IP = public IP). However, xl2tpd sends responses
>> back through the physical interface (based on the routing table).
>> On the other hand, when I try a linux client (behind nat as well), the
>> client shows a private IP inside ipsec0, and works with xl2tp.
>>
>> A dirty solution could be through iptables, but I am feeling lazy reading
>> the man page. If you have some, please give me.
>>
>> My network is:
>>
>> VPN server (public dhcp address) <---> internet <---> nat GW <---> Android
>> roadwarrior
>>
>> --
>> Regards,
>>
>> Majid Khonji
>>
>>
>
>
> --
> Regards,
>
> Majid Khonji
>
>


-- 
Regards,

Majid Khonji
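Added example, not part of the thread: a small Python model of the fwmark policy-routing lookup that the `ip rule` / `ip route` listing above relies on, fed with that listing. The main-table routes, gateway and the road-warrior's public address are constructed assumptions; the model shows that an unmarked reply to the client leaves via eth0 while the same reply carrying fwmark 2 is steered into ipsec0, which is what the mangle rules are meant to achieve.

```python
import ipaddress
import re

# Constructed sample in the shape of `ip rule` output, copied from the mail.
IP_RULE = """\
0:      from all lookup local
32764:  from all fwmark 0x2 lookup IPSEC
32766:  from all lookup main
32767:  from all lookup default
"""
# Constructed sample in the shape of `ip route show table <t>`; the main-table
# entries are assumptions (the mail only shows the IPSEC table).
ROUTE_TABLES = {
    "local": "",
    "IPSEC": "default dev ipsec0\n",
    "main": "default via 198.51.100.1 dev eth0\n198.51.100.0/24 dev eth0\n",
    "default": "",
}

def parse_rules(text):
    """Parse `ip rule` lines into (priority, fwmark or None, table), sorted."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"(\d+):\s+from \S+(?: fwmark (0x[0-9a-f]+))? lookup (\S+)", line)
        if m:
            prio, mark, table = m.groups()
            rules.append((int(prio), int(mark, 16) if mark else None, table))
    return sorted(rules)

def parse_table(text):
    """Parse `ip route` lines into (prefix, device) pairs."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if parts:
            prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
            routes.append((ipaddress.ip_network(prefix), parts[parts.index("dev") + 1]))
    return routes

def egress_dev(dst, mark=0):
    """Emulate the kernel: walk rules by priority, skip fwmark mismatches,
    and return the longest-prefix match from the first table that has one."""
    dst = ipaddress.ip_address(dst)
    for _prio, rule_mark, table in parse_rules(IP_RULE):
        if rule_mark is not None and rule_mark != mark:
            continue
        hits = [r for r in parse_table(ROUTE_TABLES[table]) if dst in r[0]]
        if hits:
            return max(hits, key=lambda r: r[0].prefixlen)[1]
    return None
```

Compare `egress_dev("203.0.113.7")` with `egress_dev("203.0.113.7", mark=2)` to see the table switch; on a real box the equivalent check is `ip route get <client> mark 2`.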