[Openswan Users] Routing with virtual network

Mike James mike.james at clutch.com
Tue Jan 21 15:49:50 EST 2014


I’m setting up an OpenSWAN endpoint for remote workers. Our office network is 192.168.2.0/24 and some of our remote workers have the same network at home. I have xl2tpd configured to hand out addresses in the 192.168.30.0/24 network. I don’t understand what routes need to be in place.

root@vpn:~# cat /etc/xl2tpd/xl2tpd.conf
[global]
   ipsec saref = yes
   listen-addr = 192.168.2.248

[lns default]
   ip range = 192.168.30.2-192.168.30.254
   local ip = 192.168.30.1
   refuse chap = yes
   refuse pap = yes
   require authentication = yes
   ppp debug = yes
   pppoptfile = /etc/ppp/options
   length bit = yes

The tunnel is up:
000 #8: "L2TP-PSK-NAT"[5] 108.16.194.188:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2954s; newest IPSEC; eroute owner; isakmp#7; idle; import:not set
000 #8: "L2TP-PSK-NAT"[5] 108.16.194.188 esp.b20af93@108.16.194.188 esp.d6803493@192.168.2.248 ref=0 refhim=4294901761

My remote IP is in the correct range:
mikes-mbp:~ mike$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 192.168.30.2 --> 192.168.30.1 netmask 0xffffff00

I can ping the “virtual” endpoint (192.168.30.1) but nothing inside the 192.168.2.0/24 network. I know it’s a routing problem – throwing in the “virtual” network is confusing to me. What routes do I need to add to the server?

Mike
--


Michael James
Sr. Network Engineer
267-419-6400, x204
mike.james at clutch.com
The Premiere loyalty, rewards, and gifting platform
for consumer-focused brands and retailers.
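
The address plan in the message above, walked through a longest-prefix route lookup, as an added example that is not part of the original post. The route tables, the interface name en0, the office gateway 192.168.2.1, the home LAN 10.0.0.0/24 and the office host 192.168.2.10 are constructed assumptions; the networks, the pool, the server address and the ppp0 address are the ones quoted in the post.

```python
import ipaddress

def egress(table, dst):
    """Return the next hop chosen by longest-prefix match, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

OFFICE_LAN = "192.168.2.0/24"    # from the post
VPN_POOL = "192.168.30.0/24"     # from the post (xl2tpd ip range)
VPN_SERVER = "192.168.2.248"     # from the post (listen-addr)
VPN_CLIENT = "192.168.30.2"      # from the post (ppp0 address)
OFFICE_HOST = "192.168.2.10"     # constructed sample host on the office LAN

# Constructed route tables: (prefix, next hop or interface).
# Remote worker whose home LAN has the same prefix as the office.
client_same_lan = [("0.0.0.0/0", "en0"), (OFFICE_LAN, "en0"), (VPN_POOL, "ppp0")]
# Same worker with a more specific host route for the office host via the tunnel.
client_same_lan_host_route = client_same_lan + [(OFFICE_HOST + "/32", "ppp0")]
# Remote worker on an unrelated home LAN, with only the pool routed over ppp0.
client_other_lan = [("0.0.0.0/0", "en0"), ("10.0.0.0/24", "en0"), (VPN_POOL, "ppp0")]
client_other_lan_routed = client_other_lan + [(OFFICE_LAN, "ppp0")]
# Office LAN host: replies to the pool follow its default gateway unless it
# (or that gateway) has a route for the pool via the VPN server.
office_host = [("0.0.0.0/0", "192.168.2.1"), (OFFICE_LAN, "on-link")]
office_host_routed = office_host + [(VPN_POOL, VPN_SERVER)]

def report():
    """Collect the forward and return path decision for each constructed table."""
    return {
        "client, same LAN at home": egress(client_same_lan, OFFICE_HOST),
        "client, same LAN + /32 via ppp0": egress(client_same_lan_host_route, OFFICE_HOST),
        "client, other LAN, pool only": egress(client_other_lan, OFFICE_HOST),
        "client, other LAN + office route": egress(client_other_lan_routed, OFFICE_HOST),
        "office host reply, default only": egress(office_host, VPN_CLIENT),
        "office host reply, pool via VPN": egress(office_host_routed, VPN_CLIENT),
    }

if __name__ == "__main__":
    for case, hop in report().items():
        print(f"{case:36s} -> {hop}")
```

The lookups model route selection only; they say nothing about whether the VPN server forwards packets between ppp0 and its LAN interface.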
