[Openswan Users] routing problem?

Frank Jansen chef at drecksserver.de
Tue Jun 29 08:02:16 EDT 2010


does not help :(


> what if you define the internal interface while pinging:
> ping 10.11.220.10 -I eth1
>
> if this helps, set on your side:
>
> leftsourceip=your_internal_ip
>
>
>
> leftsourceip=
>
> On Tue, Jun 29, 2010 at 12:51 PM, Frank jansen <jansen at fumarium.de> wrote:
>
>> Hi folks,
>>
>> We want to build up a VPN connection between two LANs. Our setup is as
>> follows:
>>
>> 10.11.220.10/32 (other company LAN) --- 80.148.46.1xx (other company
>> gateway) ======= 85.214.66.xx (our company gateway)---- 10.29.161.0/24
>> (our company LAN)
>>
>> From a machine in our company LAN, e.g. 10.29.161.10, I can't ping or
>> access any service on the opposite site at 10.11.220.10.
>>
>> The tunnel seems to be up, ipsec status --auto says:
>> 000 #2: "conn1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85769s; newest IPSEC; eroute owner
>> 000 #2: "lconn1" esp.5cf735a@80.148.46.xx esp.1317c3fb@85.214.66.xx tun.0@80.148.46.xx tun.0@85.214.66.xx
>> 000 #1: "conn1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85712s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
>>
>> Routing entries also exist:
>> at our gateway:
>> Kernel-IP-Routentabelle
>> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
>> 85.214.64.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>> 10.11.220.10    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>> 10.29.161.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>> 0.0.0.0         85.214.64.1     0.0.0.0         UG    0      0        0 eth0
>>
>> at one LAN machine:
>> 10.11.220.0     10.29.161.12    255.255.255.0   UG    0      0        0 eth1
>> 10.29.161.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>>
>> IPv4 forwarding is enabled on the gateway. If I ping from a LAN machine,
>> I can see traffic on the external interface (eth0) at the gateway, but
>> it seems to go into nirvana:
>> h1694579(neu):/etc# tcpdump -vvv host 10.11.220.10 -i eth0
>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 11:48:14.391539 arp who-has 10.11.220.10 tell h169xxxx.stratoserver.net
>> 11:48:14.392955 arp reply 10.11.220.10 is-at 00:00:0c:9f:f0:02 (oui Cisco)
>> 11:48:14.392962 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 1, length 64
>> 11:48:14.392965 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 2, length 64
>> 11:48:14.392974 arp reply 10.11.220.10 is-at 00:00:0c:9f:f0:02 (oui Cisco)
>> 11:48:15.383045 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 3, length 64
>>
>>
>> I am a bit lost, as I can't find the failure in our setup. Any hint or
>> help is appreciated :-)
>>
>> Kind regards,
>>
>> Frank Jansen
>>
>
>
>
> --
> Mvh,
> Aurimas Skirgaila
>
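
A check for captures like the one quoted in this message, as an added example that is not part of the original thread: on the external interface, outbound traffic covered by the tunnel should appear as ESP, so ARP requests for the peer's protected address or packets still carrying the inner addresses indicate traffic leaving outside IPsec. The networks come from the topology described in the thread; the function names and sample lines are constructed.

```python
import ipaddress
import re

# Assumed values taken from the topology described in the thread; change for your tunnel.
LOCAL_NET = ipaddress.ip_network("10.29.161.0/24")    # our protected LAN
REMOTE_NET = ipaddress.ip_network("10.11.220.10/32")  # peer's protected host

# "src[.port] > dst[.port]:" as printed by tcpdump for IPv4 packets.
IP_PAIR = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")
# Matches both older ("arp who-has") and newer ("ARP, Request who-has") tcpdump output.
ARP_REQ = re.compile(r"who-has (\d+\.\d+\.\d+\.\d+)", re.IGNORECASE)


def _in(addr, net):
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:  # the loose regex can match strings that are not valid addresses
        return False


def find_tunnel_bypass(lines):
    """Return (line_number, reason) for traffic that left the external interface unprotected.

    Only the outbound direction is checked: with the NETKEY stack, inbound
    packets are also shown after decryption, so inbound cleartext is normal.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        arp = ARP_REQ.search(line)
        if arp and _in(arp.group(1), REMOTE_NET):
            findings.append((n, "arp-for-remote"))  # peer host treated as on-link
            continue
        pkt = IP_PAIR.search(line)
        if pkt and _in(pkt.group(1), LOCAL_NET) and _in(pkt.group(2), REMOTE_NET):
            findings.append((n, "cleartext-outbound"))  # inner addresses visible, no ESP
    return findings


# Constructed sample lines, modelled on the capture in the thread (wrapped lines joined).
SAMPLE = [
    "11:48:14.391539 arp who-has 10.11.220.10 tell gw.example.net",
    "11:48:14.392962 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 1, length 64",
    "11:48:15.000000 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00000001,seq=0x1), length 132",
    "11:48:15.100000 IP 10.11.220.10 > 10.29.161.10: ICMP echo reply, id 24417, seq 1, length 64",
]

if __name__ == "__main__":
    for n, reason in find_tunnel_bypass(SAMPLE):
        print(f"line {n}: {reason}")
```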



