OK, I have a new problem now, and I think it's a step in the right direction. :)
My Packets aren't going to the Internet, they go to Limbo.

Now, since IPcop2 doesn't respond to pings (or tracert, same thing, I guess), I think we're making progress.

When Desktop Pings, IPcop1 responds, but then it just times out after that. SO... I THINK it's reaching IPcop2 now, and perhaps even IPcop3.

I put up a copy of the routing table from IPcop1 at http://www.seminolegas.com/route.jpg

I think this is now correct...

Kev.

----- Original Message -----
From: "Kevin Anderson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 10:49 AM
Subject: Re: (clug-talk) Routing question

> Tried it.
>
> My problem still seems to be that packets destined for Server are sent out
> onto the Internet rather than going across the VPN and staying inside the
> LAN. There are (Different) internet Connections at IPcop1 and IPcop2.
> Rather than being passed across the VPN, the packets are being sent out onto
> the Internet. Which is the default route.
>
> Kev.
>
>
> ----- Original Message -----
> From: "Trevor Lauder" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, February 05, 2003 10:05 AM
> Subject: Re: (clug-talk) Routing question
>
>
> > With the route command you can try using -host instead of -net and add
> > the gw parameter but the gw parameter shouldn't matter as it will send
> > it out the default gw device if you don't specify it. Try as someone
> > else recommended (sorry can't remember name and I don't have the email
> > in front of me right now :) and ping the external side of ipcop3 from
> > desktop. If you can't ping it but you can ping the internal side of ipcop3
> > then there is either something wrong with the routing on it or with the
> > NAT. My guess would be ipcop3 isn't configured to NAT the 192.168.14.0
> > network and it's only NATing the 192.168.13.0 network.
> >
> > Cheers,
> >
> > --
> > Personal:
> >
> > Trevor Lauder
> > Web: http://www.thelauders.net
> > E-Mail: [EMAIL PROTECTED]
> >
> > Work:
> >
> > Trevor Lauder
> > Technical Services Specialist
> > Wireless Networks Inc.
> > Web: http://www.wirelessnetworksinc.com
> > E-Mail: [EMAIL PROTECTED]
> >
> > Kevin Anderson said:
> > > Everything in the 193.168.13.0/24 LAN can ping Server. So IPcop 2 & 3
> > > Can ping it as well as 25 (or so) desktops.
> > >
> > > Using tracert, I see only one hop.
> > >
> > > Desktop gets a response from 192.168.14.1 (IPcop1), But then nothing
> > > except timeouts.
> > >
> > > I suspect It's my entry on IPcop1 that is the problem. I don't think
> > > IPcop1 knows what I'm trying to do.
> > >
> > > my exact entry was...
> > >
> > > route add -net 204.239.225.162 netmask 255.255.255.255 dev ipsec0
> > >
> > > This is a bit more advanced than where I'm normally at (VPNs make
> > > things complicated).
> > >
> > > As much as I've specified -net, it is entered into the routing table
> > > as a host rather than a network, so I didn't think that was the issue.
> > >
> > > What I am wondering about, is should I have a gw 192.168.13.1 entry
> > > appended to that line? Or does the dev ipsec0 imply that?
> > >
> > > Kev.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Trevor Lauder" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, February 05, 2003 9:32 AM
> > > Subject: Re: (clug-talk) Routing question
> > >
> > >
> > >> Can anything between ipcop2 and ipcop3 ping server? It's hard to say
> > >> where it's failing, so I would put a sniffer on ipcop3 listening on
> > >> eth1 (That's the interface going to server right?). Then with the
> > >> sniffer running there I would ping from desktop to server and watch
> > >> the echo requests/replies on ipcop3 eth1. Depending on if you get
> > >> requests going out and no replies coming in or any other combination,
> > >> it will help troubleshoot this further. Let us know what you find
> > >> out.
> > >>
> > >> Cheers,
> > >>
> > >> --
> > >> Personal:
> > >>
> > >> Trevor Lauder
> > >> Web: http://www.thelauders.net
> > >> E-Mail: [EMAIL PROTECTED]
> > >>
> > >> Work:
> > >>
> > >> Trevor Lauder
> > >> Technical Services Specialist
> > >> Wireless Networks Inc.
> > >> Web: http://www.wirelessnetworksinc.com
> > >> E-Mail: [EMAIL PROTECTED]
> > >>
> > >> Kevin Anderson said:
> > >> > I have a routing issue that I can't figure out.
> > >> >
> > >> > Here's the situation. Unless spelled out in full, IPs are
> > >> > 192.168.X.X/24
> > >> >
> > >> > Desktop ------- IPCOP1 ======= IPCOP2 --------- IPCOP3 ======== Server.
> > >> > 14.100    LAN   14.1     VPN   13.1      LAN    13.2  Untrusted 204.239.225.162
> > >> >
> > >> > I can Ping from the desktop to IPCOP3, (192.168.14.100 to
> > >> > 192.168.13.2), however I can't reach Server.
> > >> >
> > >> > Here's what I've done that should matter.
> > >> >
> > >> > outbound.
> > >> > IPcop 1 has a route to 204.239.225.162/32 on dev ipsec0 (I can't
> > >> > ping the next hop, so I can't add the route)
> > >> > IPcop2 has a route for 204.239.225.162/32 to IPcop3
> > >> > IPcop3 has a route to 204.239.225.162/32 on eth1
> > >> >
> > >> > inbound.
> > >> > IPcop3 has a default route of IPcop2
> > >> > IPcop2 has a route for 192.168.14.0/24 across the VPN to IPcop 1
> > >> > IPcop1 is in the same LAN as Desktop.
> > >> >
> > >> > Here's the situation.
> > >> > Desktop can ping IPcop3, (anything in the 13.0 LAN.)
> > >> > Anything in the 13.0 LAN can ping Desktop.
> > >> > Desktop cannot reach server.
> > >> > Server is not mine, so I can't test the reverse, but I suspect
> > >> > it'll fail.
> > >> > The 13.0 LAN can reach Server.
> > >> >
> > >> > This connection gets NATted at IPcop3
> > >> >
> > >> > Thanks In Advance
> > >> > Kev.
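
Added example, not part of any message in the thread: a hop-by-hop longest-prefix-match trace over the routes the thread lists, showing how the /32 host route on IPcop1 keeps Server traffic on the VPN path instead of the default route. The tables are constructed; the next-hop labels and the "on-link"/"internet" markers are assumptions, and IPsec policy and NAT are not modelled.

```python
import ipaddress

SERVER = "204.239.225.162"
DESKTOP = "192.168.14.100"

def build_tables(host_route_on_ipcop1=True):
    """Constructed tables from the routes described in the thread.
    Labels such as 'ipcop2', 'on-link' and 'internet' are assumptions."""
    ipcop1 = {
        "0.0.0.0/0": "internet",        # IPcop1's own Internet connection
        "192.168.14.0/24": "on-link",   # Desktop's LAN
        "192.168.13.0/24": "ipcop2",    # remote LAN across the VPN
    }
    if host_route_on_ipcop1:
        ipcop1[SERVER + "/32"] = "ipcop2"   # host route on dev ipsec0
    ipcop2 = {
        "0.0.0.0/0": "internet",        # IPcop2's own Internet connection
        "192.168.13.0/24": "on-link",
        "192.168.14.0/24": "ipcop1",    # back across the VPN
        SERVER + "/32": "ipcop3",
    }
    ipcop3 = {
        "0.0.0.0/0": "ipcop2",          # default route of IPcop2
        "192.168.13.0/24": "on-link",
        SERVER + "/32": "on-link",      # out eth1 towards Server
    }
    raw = {"ipcop1": ipcop1, "ipcop2": ipcop2, "ipcop3": ipcop3}
    return {name: [(ipaddress.ip_network(p), nh) for p, nh in r.items()]
            for name, r in raw.items()}

def lookup(routes, dst):
    """Return the next hop of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start` until the packet leaves the routers."""
    path, node = [start], start
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        path.append(nh)
        if nh not in tables:        # 'on-link' or 'internet': stop tracing
            return path
        node = nh
    return path + ["loop"]

if __name__ == "__main__":
    print("with host route:   ", trace(build_tables(True), "ipcop1", SERVER))
    print("without host route:", trace(build_tables(False), "ipcop1", SERVER))
    print("return to Desktop: ", trace(build_tables(), "ipcop3", DESKTOP))
```
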
