I'm experimenting with IPsec.  I want to see if I can connect two networks
together but am running into problems.

I have little flexibility at the "other" end... the environment I'm using
is a test OpenStack cloud environment.  It supports IPsec Gateway VPN but
not OpenVPN.  So I configured IPsec at both ends and the negotiation
appears to work, but no traffic is being routed between the networks.

IPsec Associations:

Source          Destination     Created                Lifetime  Age  Bytes  Type
50.187.xx.yy    169.53.aa.bb    May 27 22:53:17 2015   3600      63   336    esp mode=tunnel
169.53.aa.bb    50.187.xx.yy    May 27 22:53:17 2015   3600      63   0      esp mode=tunnel


My AstLinux box has a public IP of 50.187.xx.yy and the public IP of the
OpenStack VPN gateway is 169.53.aa.bb.  My internal network at the AstLinux end
is 192.168.17.0/24 and the virtual network at the OpenStack end is
192.168.18.0/24.  I have a virtual machine configured on that network and
it is able to access the internet just fine.  I can ping the public IP
address of each end from the other end.

I am not able to mess around with the gateway VPN at the other end so I
cannot look and see what is configured. But on AstLinux I have the
following...

pbx ~ # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         50.187.96.1     0.0.0.0         UG        0 0          0 eth0
50.187.96.0     0.0.0.0         255.255.248.0   U         0 0          0 eth0
192.168.17.0    0.0.0.0         255.255.255.0   U         0 0          0 br1
192.168.18.0    0.0.0.0         255.255.255.0   U         0 0          0 br1
pbx ~ #
pbx ~ # ifconfig
br1       Link encap:Ethernet  HWaddr 00:0D:B9:33:15:61
          inet addr:192.168.17.1  Bcast:192.168.17.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:b9ff:fe33:1561/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:468916 errors:0 dropped:104 overruns:0 frame:0
          TX packets:556471 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:69249985 (66.0 MiB)  TX bytes:575921175 (549.2 MiB)
eth0      Link encap:Ethernet  HWaddr 00:0D:B9:33:15:60
          inet addr:50.187.xx.yy  Bcast:255.255.255.255  Mask:255.255.248.0
          inet6 addr: fe80::20d:b9ff:fe33:1560/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:554365 errors:0 dropped:0 overruns:0 frame:0
          TX packets:440068 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:575823212 (549.1 MiB)  TX bytes:71908074 (68.5 MiB)
          Interrupt:40 Base address:0x4000
eth1      Link encap:Ethernet  HWaddr 00:0D:B9:33:15:61
          inet6 addr: fe80::20d:b9ff:fe33:1561/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:471125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:555754 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:76019519 (72.4 MiB)  TX bytes:575483412 (548.8 MiB)
          Interrupt:41 Base address:0x6000
eth2      Link encap:Ethernet  HWaddr 00:0D:B9:33:15:62
          inet6 addr: fe80::20d:b9ff:fe33:1562/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:970 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13541 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:292026 (285.1 KiB)  TX bytes:2333516 (2.2 MiB)
          Interrupt:42 Base address:0x8000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:37036 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37036 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3273747 (3.1 MiB)  TX bytes:3273747 (3.1 MiB)
pbx ~ #


So the routing table is adding 192.168.18.0/24 but it is pointing to
interface br1, is that right?  And ifconfig does not show any interface for
IPsec that I would have expected (but I will add that I have never done
this before so maybe I don't know what I should expect).  Syslog is not
reporting anything either.

Any suggestions?

Thanks
David