[Openswan Users] OpenSwan Issue

Luis Nagaki luis.nagaki at gmail.com
Thu May 31 17:26:09 EDT 2012


I got it all to work by doing that before this came in :)
but what the issue will be down the line for me is that I won't be able
to get much access to client location firewalls to allow the NAT of
external IP to the internal VPN Client =\.. Is there a workaround for
this?

Now that it's working, I have my firewall rules set: ssh, http(s), icmp,
etc. I see pings and ssh hitting the VPN server via tcpdump, BUT
nothing happens: no ping replies, or response from ssh, etc. I have the
rules for both directions.

ssh
15:51:11.973660 IP (tos 0x0, ttl  64, id 47499, offset 0, flags [DF],
proto: TCP (6), length: 60) 192.168.2.6.60475 > 10.1.0.45.22: S, cksum
0xdb8c (correct), 3657214509:3657214509(0) win 5840 <mss
1460,sackOK,timestamp 77927334 0,nop,wscale 7>

ping
15:51:08.747203 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
proto: ICMP (1), length: 84) 192.168.2.6 > 10.1.0.45: ICMP echo
request, id 40460, seq 3, length 64

btw, thank you for the help :)


On Thu, May 31, 2012 at 5:21 PM, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> See inline below.
>
>
> On 05/31/2012 11:31 AM, Luis Nagaki wrote:
>>
>> VPN Client behind a Dlink soho Home
>> Quote:
>> conn poller2
>> left=192.168.2.6
>> leftid=@server2
>> leftrsasigkey=0sAQOdr36..| (Removed to make it smaller)
>> leftnexthop=%defaultroute
>> right=PUBLIC IP OF VPN SERVER
>> rightid=@server1
>> rightrsasigkey=0sAQPUN/..| (Removed to make it smaller)
>> rightnexthop=%defaultroute
>> auto=add
>
>
> This looks fine.  left is itself, right is the public IP of the server.
>
>
>
>> VPN Server directly connected to internet
>>
>> Quote:
>> conn central
>> left=PUBLIC IP of VPN Server
>> leftid=@server1
>> leftrsasigkey=0sAQPBY4LedS..| (Removed to make it smaller)
>> leftnexthop=%defaultroute
>> right=192.168.2.6
>> rightid=@server2
>> rightrsasigkey=0sAQOdr366h..| (Removed to make it smaller)
>> rightnexthop=External IP Of SOHO Device? or should i leave %defaultroute
>> auto=add
>
>
> This is what is probably causing you trouble.
> left is itself, which is fine.
> right should be the external IP of the client (SOHO device), since that is
> what the VPN server "sees" trying to connect to it.
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
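The symptom in the post (SYNs and echo requests reaching the VPN server, nothing coming back) can be confirmed mechanically from the capture. The following is an added example, not code from the post or from Openswan: a small Python script that parses tcpdump -v lines in the format shown, pairs each ICMP echo request or TCP SYN with its reply, and lists the flows that never got one. The sample input reuses the two lines from the post (rejoined onto single lines) plus one constructed seq-4 request/reply pair so a healthy exchange is visible too.

```python
import re

# Two tcpdump -v lines from the post (rejoined) plus a CONSTRUCTED seq-4 request/reply pair.
SAMPLE = """\
15:51:08.747203 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 192.168.2.6 > 10.1.0.45: ICMP echo request, id 40460, seq 3, length 64
15:51:11.973660 IP (tos 0x0, ttl  64, id 47499, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.2.6.60475 > 10.1.0.45.22: S, cksum 0xdb8c (correct), 3657214509:3657214509(0) win 5840 <mss 1460,sackOK,timestamp 77927334 0,nop,wscale 7>
15:51:12.101000 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 192.168.2.6 > 10.1.0.45: ICMP echo request, id 40460, seq 4, length 64
15:51:12.101400 IP (tos 0x0, ttl  64, id 7, offset 0, flags [none], proto: ICMP (1), length: 84) 10.1.0.45 > 192.168.2.6: ICMP echo reply, id 40460, seq 4, length 64
"""

ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP \(.*?proto:? ICMP.*?\) (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")
# Accepts the old "S," / "S.," flag style from the post and the newer "Flags [S]" style.
TCP_RE = re.compile(
    r"^(?P<ts>\S+) IP \(.*?proto:? TCP.*?\) (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?:Flags \[(?P<f1>[^\]]*)\]|(?P<f2>[SRPFAUEW.]+))")

def parse_line(line):
    """Classify a line as ('req'|'rep', flow_key, ts); keys are oriented
    client->server so a reply lands on the same key as its request."""
    m = ICMP_RE.match(line)
    if m:
        key = ("icmp", m["src"], m["dst"], m["id"], m["seq"])
        if m["kind"] == "reply":   # swap endpoints so the reply matches the request key
            key = ("icmp", m["dst"], m["src"], m["id"], m["seq"])
        return ("req" if m["kind"] == "request" else "rep", key, m["ts"])
    m = TCP_RE.match(line)
    if m:
        flags = m["f1"] if m["f1"] is not None else m["f2"]
        if flags == "S":    # bare SYN: a new connection attempt
            return ("req", ("tcp", m["src"], m["sport"], m["dst"], m["dport"]), m["ts"])
        if flags == "S.":   # SYN-ACK: the server answered
            return ("rep", ("tcp", m["dst"], m["dport"], m["src"], m["sport"]), m["ts"])
    return None

def unanswered_flows(text):
    """Pair requests with replies and return the flows that got no reply."""
    seen = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        direction, key, ts = parsed
        seen.setdefault(key, {"req": None, "rep": None})[direction] = ts
    return [k for k, v in seen.items() if v["req"] and not v["rep"]]

if __name__ == "__main__":
    for flow in unanswered_flows(SAMPLE):
        print("no reply seen for", flow)
```

Feed it `tcpdump -n -v -i <iface> host 192.168.2.6` output from the server side; a flow that shows up in this list was received but never answered, which points at routing or policy on the server rather than at the client's firewall.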

