[Openswan Users] Routing with virtual network
Mike James
mike.james at clutch.com
Tue Jan 21 15:49:50 EST 2014
I’m setting up an OpenSWAN endpoint for remote workers. Our office network is 192.168.2.0/24 and some of our remote workers have the same network at home. I have xl2tpd configured to hand out addresses in the 192.168.30.0/24 network. I don’t understand what routes need to be in place.
root@vpn:~# cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
listen-addr = 192.168.2.248
[lns default]
ip range = 192.168.30.2-192.168.30.254
local ip = 192.168.30.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options
length bit = yes
The tunnel is up:
000 #8: "L2TP-PSK-NAT"[5] 108.16.194.188:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2954s; newest IPSEC; eroute owner; isakmp#7; idle; import:not set
000 #8: "L2TP-PSK-NAT"[5] 108.16.194.188 esp.b20af93@108.16.194.188 esp.d6803493@192.168.2.248 ref=0 refhim=4294901761
My remote IP is in the correct range:
mikes-mbp:~ mike$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 192.168.30.2 --> 192.168.30.1 netmask 0xffffff00
I can ping the “virtual” endpoint (192.168.30.1) but nothing inside the 192.168.2.0/24 network. I know it’s a routing problem – throwing in the “virtual” network is confusing to me. What routes do I need to add to the server?
Mike
--
Michael James
Sr. Network Engineer
267-419-6400, x204
mike.james at clutch.com
[Clutch]
The Premiere loyalty, rewards, and gifting platform
for consumer-focused brands and retailers.
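
Added example, not part of the original post: a longest-prefix-match lookup showing how the overlap described above (office 192.168.2.0/24, some home LANs on the same prefix) decides which interface a client uses for office addresses. The two routing tables, the interface name en0, and the metrics are constructed for illustration; only the prefixes and ppp0 come from the post, and real stacks apply further tie-break rules.

```python
import ipaddress

OFFICE_NET = ipaddress.ip_network("192.168.2.0/24")  # office LAN from the post

# Constructed client routing tables, one route per line: "prefix interface metric".
# en0 is an assumed home-LAN interface; ppp0 is the L2TP interface from the post.
HOME_SAME_PREFIX = """
0.0.0.0/0        en0  0
192.168.2.0/24   en0  0
192.168.30.0/24  ppp0 0
192.168.2.0/24   ppp0 10
"""
HOME_OTHER_PREFIX = """
0.0.0.0/0        en0  0
192.168.1.0/24   en0  0
192.168.30.0/24  ppp0 0
192.168.2.0/24   ppp0 10
"""

def parse(table):
    """Turn the text table into (network, interface, metric) tuples."""
    routes = []
    for line in table.strip().splitlines():
        prefix, dev, metric = line.split()
        routes.append((ipaddress.ip_network(prefix), dev, int(metric)))
    return routes

def lookup(routes, dst):
    """Return the egress interface: longest prefix first, then lowest metric."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def overlapping(routes, tunnel_dev="ppp0"):
    """List non-tunnel prefixes (default route excluded) that overlap the office LAN."""
    return [str(net) for net, dev, _ in routes
            if dev != tunnel_dev and net.prefixlen > 0 and net.overlaps(OFFICE_NET)]

if __name__ == "__main__":
    for name, table in (("same prefix at home", HOME_SAME_PREFIX),
                        ("different prefix at home", HOME_OTHER_PREFIX)):
        routes = parse(table)
        print(name, "-> 192.168.2.10 leaves via", lookup(routes, "192.168.2.10"),
              "| overlapping local prefixes:", overlapping(routes))
```

With the same prefix at home, the directly connected LAN route wins for every office address, so that traffic never enters the tunnel even though the tunnel address 192.168.30.1 remains reachable.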