[Openswan Users] Roadwarrior setup to Draytek Vigor

Thorsten Meinl Thorsten.Meinl at uni-konstanz.de
Wed Feb 27 11:28:11 EST 2013


Hi Michael,

>> Roadwarrior behind NAT (currently 192.168.0.11) <-->
>> VPN gateway (212.126.160.54) <-->
>> private network (172.17.17.0/24)
> 
> where is the relation to Draytek? The client behind Draytek initiates 
> the connection?
The Draytek router is guarding the VPN I'm trying to connect to. It's
probably unrelated to Draytek, since I assume the problem is purely on
my Linux side. The client can be behind any router.

>> conn zurich
>>          authby=rsasig
>>          pfs=no
>>          rekey=yes
>>          keyingtries=3
>>          type=tunnel
>>          left=%defaultroute
>>          leftprotoport=17/1701
>>          leftrsasigkey=%cert
>>          leftcert=knime-vpn.pem
>>          right=212.126.160.54
>>          rightid="C=CH, ..."
>>          rightprotoport=17/1701
>>          rightcert=knime-router.pem
>>          rightsubnet=172.17.17.0/24
>>          auto=start
> 
> This is not a RW setup?
Why? I also tried with type=transport if this is what you are aiming at,
but the results were the same (no success). Only the "ip xfrm policy"
output looks a bit different.

>> However, when I ping any of the hosts in the private network, e.g.
>> 172.17.17.2 I don't see any encrypted packages in tcpdump/wireshark, but
>> only direct connections. In the end I get "Destination Net Unreachable"
>> from the roadwarrior's NAT router. What am I doing wrong here?
>>
>>
> Don't get it, which device initiates the VPN? conn zurich uses l2tp 
> setup, don't think the Draytek supports it.
I'm not using any L2TP, I want to connect directly via IPSEC. This is
why I'm using RSA certificates. The Draytek router supports both, btw.

Thanks so far,

Thorsten


-- 
Dr.-Ing. Thorsten Meinl               room: Z813
Nycomed Chair for Bioinformatics      fax: +49 (0)7531 88-5132
and Information Mining                phone: +49 (0)7531 88-5016
Box 712, 78457 Konstanz, Germany
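
Added example, not part of the original message: leftprotoport=17/1701 and rightprotoport=17/1701 narrow the connection's traffic selectors to UDP port 1701 (the L2TP port), so one way to check the symptom described above is to test whether an ICMP packet matches any outbound policy in "ip xfrm policy" output. The policy text below is constructed for illustration, and the function names are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample in the format printed by `ip xfrm policy`; not output from the poster's machine.
SAMPLE = """\
src 192.168.0.11/32 dst 172.17.17.0/24 proto udp sport 1701 dport 1701
\tdir out priority 2344 ptype main
\ttmpl src 192.168.0.11 dst 212.126.160.54
\t\tproto esp reqid 16385 mode tunnel
src 172.17.17.0/24 dst 192.168.0.11/32 proto udp sport 1701 dport 1701
\tdir in priority 2344 ptype main
\ttmpl src 212.126.160.54 dst 192.168.0.11
\t\tproto esp reqid 16385 mode tunnel
"""

SEL = re.compile(r"^src (\S+) dst (\S+)(.*)$")

def parse_policies(text):
    """Return one dict per policy: selector networks, proto, ports, direction."""
    policies = []
    for line in text.splitlines():
        m = SEL.match(line)
        if m:  # an unindented "src ... dst ..." line starts a new policy
            opts = dict(re.findall(r"(proto|sport|dport) (\S+)", m.group(3)))
            policies.append({"src": ipaddress.ip_network(m.group(1), strict=False),
                             "dst": ipaddress.ip_network(m.group(2), strict=False),
                             "dir": None, **opts})
        elif policies and (d := re.match(r"\s+dir (\S+)", line)):
            policies[-1]["dir"] = d.group(1)
    return policies

def matching_policy(policies, src, dst, proto, sport=None, dport=None):
    """Return the first outbound policy whose selector covers the packet, else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] != "out" or src not in p["src"] or dst not in p["dst"]:
            continue
        if p.get("proto", proto) != proto:  # selector without proto matches any
            continue
        if "sport" in p and str(sport) != p["sport"]:
            continue
        if "dport" in p and str(dport) != p["dport"]:
            continue
        return p
    return None  # no policy: the kernel routes the packet unencrypted
```

With the constructed policies, an ICMP packet to 172.17.17.2 matches nothing and would leave in the clear, while UDP 1701 to the same host matches the outbound policy.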

