[Openswan Users] Roadwarrior setup to Draytek Vigor
Thorsten Meinl
Thorsten.Meinl at uni-konstanz.de
Wed Feb 27 11:28:11 EST 2013
Hi Michael,
>> Roadwarrior behind NAT (currently 192.168.0.11) <-->
>> VPN gateway (212.126.160.54) <-->
>> private network (172.17.17.0/24)
>
> where is the relation to Draytek? The client behind Draytek initiates
> the connection?
The Draytek router is guarding the VPN I'm trying to connect to. It's
probably unrelated to Draytek, since I assume the problem is purely on
my Linux side. The client can be behind any router.
>> conn zurich
>>     authby=rsasig
>>     pfs=no
>>     rekey=yes
>>     keyingtries=3
>>     type=tunnel
>>     left=%defaultroute
>>     leftprotoport=17/1701
>>     leftrsasigkey=%cert
>>     leftcert=knime-vpn.pem
>>     right=212.126.160.54
>>     rightid="C=CH, ..."
>>     rightprotoport=17/1701
>>     rightcert=knime-router.pem
>>     rightsubnet=172.17.17.0/24
>>     auto=start
>
> This is not a RW setup?
Why? I also tried with type=transport if this is what you are aiming at,
but the results were the same (no success). Only the "ip xfrm policy"
output looks a bit different.
>> However, when I ping any of the hosts in the private network, e.g.
>> 172.17.17.2 I don't see any encrypted packages in tcpdump/wireshark, but
>> only direct connections. In the end I get "Destination Net Unreachable"
>> from the roadwarrior's NAT router. What am I doing wrong here?
>>
>>
> Don't get it, which device initiates the VPN? conn zurich uses l2tp
> setup, don't think the Draytek supports it.
I'm not using any L2TP, I want to connect directly via IPSEC. This is
why I'm using RSA certificates. The Draytek router supports both, btw.
Thanks so far,
Thorsten
--
Dr.-Ing. Thorsten Meinl room: Z813
Nycomed Chair for Bioinformatics fax: +49 (0)7531 88-5132
and Information Mining phone: +49 (0)7531 88-5016
Box 712, 78457 Konstanz, Germany
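
Added example, not part of the original message and not Openswan code: a simplified model of how the `leftprotoport`/`rightprotoport` port selectors in the posted `conn zurich` limit which outbound packets the IPsec policy covers. It assumes matching on destination subnet, IP protocol number and destination port only; all function names are hypothetical.

```python
import ipaddress

# Constructed input: the selector-relevant options of the conn block quoted above.
CONN_ZURICH = """\
conn zurich
    type=tunnel
    leftprotoport=17/1701
    right=212.126.160.54
    rightprotoport=17/1701
    rightsubnet=172.17.17.0/24
"""
ICMP, UDP = 1, 17  # IP protocol numbers


def parse_conn(text):
    """Return the key=value options of a single conn block as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip().strip('"')
    return opts


def parse_protoport(value):
    """'17/1701' -> (17, 1701); a missing option -> (None, None), meaning any."""
    if not value:
        return None, None
    proto, _, port = value.partition("/")
    return int(proto), (int(port) if port not in ("", "%any") else None)


def covered_by_policy(opts, dst, proto, dport=None):
    """Would an outbound packet fall under this conn's traffic selector?"""
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(opts["rightsubnet"]):
        return False
    want_proto, want_port = parse_protoport(opts.get("rightprotoport"))
    if want_proto is not None and proto != want_proto:
        return False
    return want_port is None or dport == want_port


def without_protoport(opts):
    """Copy of the options with both port selectors removed."""
    return {k: v for k, v in opts.items() if not k.endswith("protoport")}


if __name__ == "__main__":
    conn = parse_conn(CONN_ZURICH)
    print("ping 172.17.17.2:", covered_by_policy(conn, "172.17.17.2", ICMP))
    print("udp/1701 to 172.17.17.2:", covered_by_policy(conn, "172.17.17.2", UDP, 1701))
    print("ping, no protoport:", covered_by_policy(without_protoport(conn), "172.17.17.2", ICMP))
```

On a live host the installed selectors can be compared against this with the `ip xfrm policy` output mentioned in the message.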