[Openswan Users] OpenSwan Issue
luis.nagaki at gmail.com
Thu May 31 17:26:09 EDT 2012
I got it all to work by doing that before this came in :)
But what the issue will be down the line for me is that I won't be able
to get much access to client location firewalls to allow the NAT of
external IP to the internal VPN Client =\.. is there a workaround for
Now that it's working, I have my firewall rules set: ssh, http(s), icmp
etc. I see pings and ssh hitting the VPN server via tcpdump, BUT
nothing happens. No ping replies, or response from ssh etc. I have the
rules for both directions.
15:51:11.973660 IP (tos 0x0, ttl 64, id 47499, offset 0, flags [DF],
proto: TCP (6), length: 60) 192.168.2.6.60475 > 10.1.0.45.22: S, cksum
0xdb8c (correct), 3657214509:3657214509(0) win 5840 <mss
1460,sackOK,timestamp 77927334 0,nop,wscale 7>
15:51:08.747203 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],
proto: ICMP (1), length: 84) 192.168.2.6 > 10.1.0.45: ICMP echo
request, id 40460, seq 3, length 64
btw, thank you for the help :)
On Thu, May 31, 2012 at 5:21 PM, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> See inline below.
> On 05/31/2012 11:31 AM, Luis Nagaki wrote:
>> VPN Client behind a Dlink soho Home
>> conn poller2
>> leftrsasigkey=0sAQOdr36..| (Removed to make it smaller)
>> right=PUBLIC IP OF VPN SERVER
>> rightrsasigkey=0sAQPUN/..| (Removed to make it smaller)
> This looks fine. left is itself, right is the public IP of the server.
>> VPN Server directly connected to internet
>> conn central
>> left=PUBLIC IP of VPN Server
>> leftrsasigkey=0sAQPBY4LedS..| (Removed to make it smaller)
>> rightrsasigkey=0sAQOdr366h..| (Removed to make it smaller)
>> rightnexthop=External IP Of SOHO Device? or should i leave %defaultroute
> This is what is probably causing you trouble.
> left is itself, which is fine.
> right should be the external IP of the client (SOHO device), since that is
> what the VPN server "sees" trying to connect to it.
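The symptom in this message (requests reaching the VPN server in tcpdump, nothing going back) can be checked mechanically over a saved capture. The following is an added example, not part of the original thread: it re-joins wrapped `tcpdump -v` records in the old output style pasted above and lists TCP SYNs and ICMP echo requests that never see a packet in the reverse direction. The function names `records` and `unanswered` and the 192.168.2.9 request/reply pair are constructed for illustration.

```python
import re

# Constructed sample: the two records from the post (wrapped as in the mail)
# plus an invented echo request/reply pair to show an answered flow.
SAMPLE = """\
15:51:11.973660 IP (tos 0x0, ttl 64, id 47499, offset 0, flags [DF],
proto: TCP (6), length: 60) 192.168.2.6.60475 > 10.1.0.45.22: S, cksum
0xdb8c (correct), 3657214509:3657214509(0) win 5840 <mss
1460,sackOK,timestamp 77927334 0,nop,wscale 7>
15:51:08.747203 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],
proto: ICMP (1), length: 84) 192.168.2.6 > 10.1.0.45: ICMP echo
request, id 40460, seq 3, length 64
15:51:09.100000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto: ICMP (1), length: 84) 192.168.2.9 > 10.1.0.45: ICMP echo request, id 7, seq 1, length 64
15:51:09.100200 IP (tos 0x0, ttl 64, id 2, offset 0, flags [none], proto: ICMP (1), length: 84) 10.1.0.45 > 192.168.2.9: ICMP echo reply, id 7, seq 1, length 64
"""

REC = re.compile(r"proto:? (\w+) \(\d+\), length:? \d+\) (\S+) > (\S+): (.*)")
ECHO = re.compile(r"ICMP echo (request|reply), id (\d+), seq (\d+)")

def records(text):
    """Re-join tcpdump -v records that the mail client wrapped across lines."""
    for chunk in re.split(r"\n(?=\d\d:\d\d:\d\d\.\d+ IP )", text.strip()):
        yield " ".join(chunk.split())

def unanswered(text):
    """Return sorted (proto, src, dst) of requests with nothing coming back."""
    asked, answered = set(), set()
    for rec in records(text):
        m = REC.search(rec)
        if not m:
            continue
        proto, src, dst, rest = m.groups()
        echo = ECHO.search(rest)
        if proto == "ICMP" and echo:
            is_request, ident = echo.group(1) == "request", echo.group(2, 3)
        elif proto == "TCP":
            # Old-style output as in the post: a bare SYN starts with "S" and has no ack.
            is_request, ident = rest.startswith("S") and " ack " not in rest, ()
        else:
            continue
        key = (proto, src, dst) if is_request else (proto, dst, src)
        (asked if is_request else answered).add(key + ident)
    return sorted(k[:3] for k in asked - answered)

if __name__ == "__main__":
    for proto, src, dst in unanswered(SAMPLE):
        print(f"no reply seen: {proto} {src} > {dst}")
```

Run against a capture taken on the interface that faces the tunnel peer; flows listed here arrived at the server without any return packet being observed on that interface.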