[Openswan Users] Works.. But Something Weird is happening
Luis Nagaki
luis.nagaki at gmail.com
Mon Jun 4 14:23:43 EDT 2012
Can you help me understand virtual_private a little better?
I'm stuck on getting ping working in both directions. It works from the VPN
client -> the server, but not from the server to the client. I HAD it
working, but that was when the server was connecting back out its
internal GW, since it has 2 ways of getting to the internet.
On the VPN client I have 2 internal networks:
eth0 = 192.168.1.6 <-- connected to the internet via a Netgear router.
GW = 192.168.1.1
eth1 = 172.16.181.5 <-- only internal. I want the VPN server to be
able to connect and ping to the 172.
Here's my conf on the VPN client:
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
#klipsdebug=all
#plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
#virtual_private=
#virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:10.1.0.0/16,%v4:192.168.1.0/24,%v4:172.16.181.0/28%v6:fd00::/8,%v6:fe80::/10
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!10.1.0.0/16,%v6:fd00::/8,%v6:fe80::/10
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
VPN client conf file:
conn poller2
left=192.168.1.6
leftsubnet=192.168.1.0/24
leftid=@server2
leftrsasigkey=0sAQOdr366hK..
leftnexthop=%defaultroute
right=75.149.188.XX
rightsubnet=10.1.0.0/16
rightid=@server1
rightrsasigkey=0sAQPUN/0..
rightnexthop=%defaultroute
auto=start
VPN server conf file:
conn central
left=76.26.48.XX
leftsubnet=192.168.1.0/24
leftid=@server2
leftrsasigkey=0sAQOdr366h..
leftnexthop=%defaultroute
right=75.149.188.XX
rightsubnet=10.1.0.0/16
rightid=@server1
rightrsasigkey=0sAQPBY4Le..
rightnexthop=%defaultroute
auto=add
VPN server ipsec.conf:
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
#klipsdebug=all
#plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
# exclude networks used on server side by adding %v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:!192.168.0.0/16,%v4:!10.1.0.0/16,%v6:fd00::/8,%v6:fe80::/10
Output from the secure log file: the connection is created.
"central" #7: the peer proposed: 10.1.0.0/16:0/0 -> 192.168.1.0/24:0/0
"central" #8: responding to Quick Mode proposal {msgid:32eb4e49}
"central" #8: us: 10.1.0.0/16===75.149.188.XX<75.149.188.21>[@server1,+S=C]---75.149.188.XX
"central" #8: them: 75.149.188.XX---76.26.48.XX<76.26.48.XX>[@server2,+S=C]===192.168.1.0/24
"central" #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"central" #7: the peer proposed: 10.1.0.0/16:0/0 -> 192.168.1.0/24:0/0
"central" #8: responding to Quick Mode proposal {msgid:32eb4e49}
"central" #8: us: 10.1.0.0/16===75.149.188.XX<75.149.188.XX>[@server1,+S=C]---75.149.188.XX
"central" #8: them: 75.149.188.XX---76.26.48.11<76.26.48.XX>[@server2,+S=C]===192.168.1.0/24
"central" #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"central" #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
"central" #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"central" #8: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xffd7d1ad .....
"central" #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"central" #8: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xffd7d1ad......
Here are my routes:
VPN SERVER
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
75.149.188.XX   0.0.0.0         255.255.255.248  U     0      0   0   eth0
10.0.0.0        10.1.0.1        255.255.255.0    UG    0      0   0   eth1
10.1.0.0        10.1.0.1        255.255.0.0      UG    0      0   0   eth1
10.1.0.0        0.0.0.0         255.255.0.0      U     0      0   0   eth1
169.254.0.0     0.0.0.0         255.255.0.0      U     0      0   0   eth1
0.0.0.0         75.149.188.XX   0.0.0.0          UG    0      0   0   eth0
VPN CLIENT
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
172.16.181.0    0.0.0.0         255.255.255.240  U     0      0   0   eth1
192.168.1.0     0.0.0.0         255.255.255.0    U     0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0      U     0      0   0   eth1
0.0.0.0         192.168.1.1     0.0.0.0          UG    0      0   0   eth0
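An added example, not part of the post above and not Openswan's own code, that works through the two things the post is about: what a virtual_private= line does and does not let a peer claim, and whether a given packet would match the traffic selectors that the server's log shows being negotiated. The virtual_private strings and the "the peer proposed" log line are copied from the post; the 10.1.0.1 source address used in the final check is a constructed address inside the server's 10.1.0.0/16 subnet (the post does not give the server's eth1 address). Under NETKEY the kernel SPD decides whether a packet enters the tunnel, so the selector check, not the routing table, is what the last function models.

```python
import ipaddress
import re

# Values copied from the post above (client config, server config, server log).
CLIENT_VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!10.1.0.0/16,%v6:fd00::/8,%v6:fe80::/10"
)
SERVER_VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:!192.168.0.0/16,%v4:!10.1.0.0/16,%v6:fd00::/8,%v6:fe80::/10"
)
PROPOSED_LINE = '"central" #7: the peer proposed: 10.1.0.0/16:0/0 -> 192.168.1.0/24:0/0'


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) network lists.

    Entries are comma separated and tagged %v4: or %v6:; a '!' right after the
    tag marks a network the peer must NOT claim (as the server config's own
    comment says).  A malformed entry, e.g. two entries with the comma missing
    between them, raises ValueError rather than being silently dropped.
    """
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        family, sep, net = entry.partition(":")
        if not sep or family not in ("%v4", "%v6"):
            raise ValueError("bad virtual_private entry: %r" % entry)
        network = ipaddress.ip_network(net.lstrip("!"), strict=False)
        if (family == "%v4") != (network.version == 4):
            raise ValueError("family tag does not match address: %r" % entry)
        (excluded if net.startswith("!") else allowed).append(network)
    return allowed, excluded


def is_well_formed(value):
    """True if every entry in the virtual_private= value parses."""
    try:
        parse_virtual_private(value)
        return True
    except ValueError:
        return False


def virtual_private_permits(value, subnet):
    """True if `subnet` sits inside an allowed range and touches no excluded one."""
    subnet = ipaddress.ip_network(subnet, strict=False)
    allowed, excluded = parse_virtual_private(value)
    same_family = lambda n: n.version == subnet.version
    if any(same_family(ex) and subnet.overlaps(ex) for ex in excluded):
        return False
    return any(same_family(a) and subnet.subnet_of(a) for a in allowed)


# IPv4 only: the log prints each side as subnet:protocol/port.
_PROPOSED_RE = re.compile(r"the peer proposed: ([0-9.]+/\d+):\S+ -> ([0-9.]+/\d+):\S+")


def parse_proposed(line):
    """Return (our_subnet, their_subnet) from a 'the peer proposed' log line."""
    m = _PROPOSED_RE.search(line)
    if not m:
        raise ValueError("not a 'peer proposed' line: %r" % line)
    return ipaddress.ip_network(m.group(1)), ipaddress.ip_network(m.group(2))


def selector_covers(src, dst, our_subnet, their_subnet):
    """Would a packet src -> dst leaving this gateway match the tunnel's SPD entry?

    Only a packet whose source is in our selector AND whose destination is in
    the peer's selector is steered into the tunnel; anything else follows the
    plain routing table.
    """
    return (ipaddress.ip_address(src) in our_subnet
            and ipaddress.ip_address(dst) in their_subnet)


def check_post_setup():
    """Run the checks against the values from the post; 10.1.0.1 is constructed."""
    ours, theirs = parse_proposed(PROPOSED_LINE)
    return {
        "client_vp_allows_192.168.1.0/24":
            virtual_private_permits(CLIENT_VIRTUAL_PRIVATE, "192.168.1.0/24"),
        "server_vp_allows_192.168.1.0/24":
            virtual_private_permits(SERVER_VIRTUAL_PRIVATE, "192.168.1.0/24"),
        "server_to_client_lan": selector_covers("10.1.0.1", "192.168.1.6", ours, theirs),
        "server_to_172": selector_covers("10.1.0.1", "172.16.181.5", ours, theirs),
    }


if __name__ == "__main__":
    for name, result in check_post_setup().items():
        print("%-34s %s" % (name, result))
```

The commented-out line in the client config that runs `%v4:172.16.181.0/28%v6:fd00::/8` together without a comma is the kind of entry `is_well_formed` rejects; the negotiated selectors from the log only cover 10.1.0.0/16 <-> 192.168.1.0/24, so the final check reports that a packet for 172.16.181.5 would not match the tunnel policy at all.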