Hi there,
I have read GuitarLynn's "Basic IPSec VPN HowTo" at
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt and have set out to
build a subnet to subnet scenario using the modified Dachstein image Lynn
supplied.
My setup is the following:
Sunrise (192.168.1.1)
|
West (internal: 192.168.1.254/external: 209.107.110.181)
|
Internet
|
East (internal: 192.168.0.254/external: 209.107.104.142)
|
Sunset (192.168.0.1)
West and East are both plugged into a switch that has a DSL connection
plugged in also. They each get an IP address from my ISP via DHCP. This is
not the scenario I intend to use the VPN in, but I was hoping to be able to
test it this way. I get the same IP addresses from the ISP often enough to
pretend that they're static for the purposes of testing.
East and West are running the Dachstein image with IPSec included using
shared secret authentication.
Sunrise and Sunset are Windows boxes.
I have a connection defined in ipsec.conf called "vpn".
If I do:
ipsec auto --up vpn
The results are:
104 "vpn" #1: STATE_MAIN_I1: initiate
106 "vpn" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2; expecting MR2
108 "vpn" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3; expecting MR3
004 "vpn" #1: STATE_MAIN_I4: ISAKMP SA established
112 "vpn" #2: STATE_QUICK_I1: initiate
004 "vpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
My reading leads me to believe that this means the VPN is successfully
authenticated and up. However, any attempts to ping Sunrise from Sunset or
vice-versa are unsuccessful. Oddly, I can ping the Internal IP address of
West from Sunset (only while the VPN is up). However, I cannot ping East's
internal interface from Sunrise.
(Note that all pinging is done using IP addresses as I haven't looked into
name resolution yet).
The key bits of my connection configuration are below. For a full "ipsec
barf" including all config files, logs, etc, see
http://www.cs.uleth.ca/~schelld4/vpn/barf.txt
config setup
    interfaces=%defaultroute
conn %default
    type=tunnel
    left=209.107.110.181
    leftsubnet=192.168.1.0/24
    leftnexthop=207.107.96.1 (default gateway of my isp)
    leftfirewall=yes
conn vpn
    right=209.107.104.142
    rightsubnet=192.168.0.0/24
    rightnexthop=209.107.96.1
    rightfirewall=yes
    auto=add
The results of route -n on East (192.168.0.254):
Destination   Gateway       Genmask         Flags Iface
192.168.1.0   209.107.96.1  255.255.255.0   UG    ipsec0
192.168.0.0   0.0.0.0       255.255.255.0   U     eth1
209.107.96.0  0.0.0.0       255.255.240.0   U     eth0
209.107.96.0  0.0.0.0       255.255.240.0   U     ipsec0
0.0.0.0       209.107.96.1  0.0.0.0         UG    eth0
If anyone is able to shed any light on what is preventing pings from getting
from Sunrise to Sunset, I would appreciate it very much.
Kernel version and other odds and ends for the LEAF images I'm using can be
found at http://www.cs.uleth.ca/~schelld4/vpn/info.txt
Kindest regards,
Darren Schell
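The following is an added example, not part of Darren's post and not code from LEAF or FreeS/WAN. It parses a conn fragment in the ipsec.conf style quoted above together with the `route -n` output for East, and runs the consistency checks one would otherwise do by eye on a subnet-to-subnet setup: the two subnets must not overlap, the remote subnet must be routed via the ipsec interface, the local subnet must sit on a real LAN interface, and each configured nexthop must lie on a directly connected external network. The config text and route table are copied from the post (the inline remark after leftnexthop is ignored by the parser); the nexthop check assumes both gateways share the same ISP segment, which is how the post describes the test setup, and every function and name here is the example's own.

```python
"""Consistency checks for a FreeS/WAN-style subnet-to-subnet conn against the
gateway's routing table (added example; inputs copied from the post)."""
import ipaddress

# Conn fragment from the post, with the inline remark left out of the value.
CONF_TEXT = """\
config setup
    interfaces=%defaultroute
conn %default
    type=tunnel
    left=209.107.110.181
    leftsubnet=192.168.1.0/24
    leftnexthop=207.107.96.1 (default gateway of my isp)
    leftfirewall=yes
conn vpn
    right=209.107.104.142
    rightsubnet=192.168.0.0/24
    rightnexthop=209.107.96.1
    rightfirewall=yes
    auto=add
"""

# `route -n` on East, as quoted in the post.
ROUTE_TEXT = """\
Destination Gateway Genmask Flags Iface
192.168.1.0 209.107.96.1 255.255.255.0 UG ipsec0
192.168.0.0 0.0.0.0 255.255.255.0 U eth1
209.107.96.0 0.0.0.0 255.255.240.0 U eth0
209.107.96.0 0.0.0.0 255.255.240.0 U ipsec0
0.0.0.0 209.107.96.1 0.0.0.0 UG eth0
"""


def parse_conf(text):
    """Return {conn_name: {key: value}} with 'conn %default' folded into every
    other conn, mirroring how FreeS/WAN applies defaults."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("conn ", "config ")):
            current = line
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # keep only the first token so a trailing remark is ignored
            sections[current][key.strip()] = value.strip().split()[0]
    defaults = sections.get("conn %default", {})
    return {name[5:]: {**defaults, **kv}
            for name, kv in sections.items()
            if name.startswith("conn ") and name != "conn %default"}


def parse_routes(text):
    """Parse `route -n` rows (Destination Gateway Genmask Flags Iface) into
    (network, gateway, iface) tuples; the header row is skipped."""
    routes = []
    for line in text.splitlines()[1:]:
        dest, gw, mask, _flags, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, ipaddress.ip_address(gw), iface))
    return routes


def check_conn(conn, routes, side):
    """Run the checks from the viewpoint of the gateway that is `side`
    ('left' or 'right'). Returns a list of findings; empty means clean."""
    other = "right" if side == "left" else "left"
    findings = []
    local_net = ipaddress.ip_network(conn[f"{side}subnet"])
    remote_net = ipaddress.ip_network(conn[f"{other}subnet"])
    if local_net.overlaps(remote_net):
        findings.append("leftsubnet and rightsubnet overlap")
    # the remote subnet has to be reached through the ipsec interface
    if not any(net == remote_net and iface.startswith("ipsec")
               for net, _gw, iface in routes):
        findings.append(f"no ipsec route for remote subnet {remote_net}")
    # the local subnet has to sit on a LAN interface, not the ipsec one
    if not any(net == local_net and not iface.startswith("ipsec")
               for net, _gw, iface in routes):
        findings.append(f"local subnet {local_net} has no LAN interface route")
    # every nexthop must be on a directly connected external network
    # (assumption: both gateways share the ISP segment, as in the post)
    unspecified = ipaddress.ip_address("0.0.0.0")
    connected = [net for net, gw, _iface in routes
                 if gw == unspecified and net != local_net]
    for key in ("leftnexthop", "rightnexthop"):
        hop = ipaddress.ip_address(conn[key])
        if not any(hop in net for net in connected):
            findings.append(f"{key}={hop} is not on any directly connected "
                            "external network")
    return findings


if __name__ == "__main__":
    vpn = parse_conf(CONF_TEXT)["vpn"]
    for finding in check_conn(vpn, parse_routes(ROUTE_TEXT), "right"):
        print("WARN:", finding)
```

Run from East's point of view (`side="right"`), the only finding on the quoted inputs is that leftnexthop 207.107.96.1 is not inside the directly connected 209.107.96.0/20 network that the route table shows; the subnet routes themselves pass. The same checks can be run on West by passing `side="left"` with West's own route table.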
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html