Hello!
I'm trying to set up a VPN between a Windows 2000 notebook and a Bering 1.2 LEAF firewall, running SuperFreeS/WAN 1.99.6.2.
On this firewall, I have two tunnels set up. One is a tunnel between two LEAF firewalls bridging two subnets, and works great. The other is a tunnel designed for road warrior usage. I'm using the Windows 2000 VPN tool (http://vpn.ebootis.de/) on the 2000 notebook to try to connect to my LEAF firewall.
If I connect the notebook directly to the Internet with a real-world IP, it works great. If, however, I put it behind a router (in this case, a Linksys BEFSR41) it does not work. I've made sure that IPsec passthru is turned on in the Linksys, and it is. I can browse the Internet from behind the router, but not connect to the VPN.
Here are the relevant parts of my firewall's ipsec.conf:
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=3

conn RoadWarrior
    authby=secret
    left=<FirewallExternalIP>
    leftsubnet=<InternalNetwork>/22
    leftnexthop=<FirewallExternalGateway>
    leftfirewall=yes
    right=%any
    keylife=30m
    auto=add
Also, here is the Windows computer's ipsec.conf:
conn AmherstOfficeToRoadWarrior
    left=<FirewallExternalIP>
    leftsubnet=<InternalNetwork>/255.255.252.0
    right=%any
    presharedkey=<SharedKey>
    network=lan
    rekey=1800S/30000K
    auto=start
    pfs=yes
Like I said, the VPN works when not behind the router, so I know that the IPs and shared secret are correct.
Here are the errors I get on the LEAF firewall. I'm typing these by hand, so I'm only including what look to be the interesting parts. If you need more, let me know.
"RoadWarrior"[1] <Linksys IP> #3 responding to Main Mode from unknown peer <Linksys External IP>
"RoadWarrior"[1] <Linksys IP> #3 Main mode peer ID is ID_IPV4_ADDR: <Internal IP of notebook behind Linksys>
"RoadWarrior"[1] <Linksys IP> #3 No suitable connection for peer '<Internal IP of notebook behind Linksys>'
"RoadWarrior"[1] <Linksys IP> #3 sending notification INVALID_ID_INFORMATION to <Linksys External IP>:500
These lines repeat several times.
As you can see, the LEAF firewall sees the packets as coming from the Linksys IP address (because of NAT), but the packets themselves say that the endpoint has the IP address of an internal-to-the-Linksys IP. Obviously, this is not correct.
What do I need to do to make this work? I was told that the IP passthru was supposed to be transparent and just plug-in-and-go. I've *never* found anything related to IPsec plug-in-and-go: why should this be any different? :)
Any suggestions would be *greatly* appreciated! Thank you!
Tim Massey
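As an added diagnostic (not part of the original post, and not FreeS/WAN's own code), the following Python scans pluto log lines of the kind quoted above and flags each ISAKMP state whose Main Mode peer ID (ID_IPV4_ADDR) differs from the address the packets actually arrived from, which is exactly the NAT symptom described. The addresses in the embedded sample are constructed placeholders, since the post does not give the real ones.

```python
import ipaddress
import re

# Constructed sample in the shape of the pluto lines quoted in the post.
# State #3 is the NAT case (ID differs from source); state #4 is a normal
# road warrior whose ID matches its source and must not be flagged.
SAMPLE_LOG = """\
"RoadWarrior"[1] 203.0.113.10 #3: responding to Main Mode from unknown peer 203.0.113.10
"RoadWarrior"[1] 203.0.113.10 #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.100'
"RoadWarrior"[1] 203.0.113.10 #3: no suitable connection for peer '192.168.1.100'
"RoadWarrior"[1] 203.0.113.10 #3: sending notification INVALID_ID_INFORMATION to 203.0.113.10:500
"RoadWarrior"[2] 198.51.100.7 #4: responding to Main Mode from unknown peer 198.51.100.7
"RoadWarrior"[2] 198.51.100.7 #4: Main mode peer ID is ID_IPV4_ADDR: '198.51.100.7'
"""

# "conn"[instance] <source address> #<state>: <message>
# The colon after the state number and the quotes around the ID are optional,
# so hand-typed transcripts like the one in the post also match.
LINE_RE = re.compile(
    r'^"(?P<conn>[^"]+)"\[\d+\] (?P<src>[\d.]+) #(?P<state>\d+):? (?P<msg>.*)$'
)
PEER_ID_RE = re.compile(r"peer ID is ID_IPV4_ADDR: '?(?P<id>[\d.]+)'?")


def find_nat_mismatches(log_text):
    """Return one dict per state whose ID_IPV4_ADDR differs from the address
    the exchange came from: the signature of a peer behind a NAT device that
    rewrote the outer source address but not the identity inside IKE."""
    states = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["conn"], m["state"])
        st = states.setdefault(
            key,
            {"conn": m["conn"], "state": int(m["state"]),
             "src": m["src"], "peer_id": None},
        )
        pid = PEER_ID_RE.search(m["msg"])
        if pid:
            st["peer_id"] = pid["id"]
    findings = []
    for st in states.values():
        if st["peer_id"] and st["peer_id"] != st["src"]:
            # A private (RFC 1918) ID behind a public source is the classic case.
            st["private_id"] = ipaddress.ip_address(st["peer_id"]).is_private
            findings.append(st)
    return findings
```

Feed it the firewall's pluto log (or a hand-typed excerpt) and each finding names the connection, state number, outer source address and the ID the peer presented.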
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
