Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-02 Thread Yannick Lecaillez
Don't know if it same but i suceed too when i added a second default route to the eth used by ipsec (but the previous one was no used anymore). The problem about the select() stage comes because i have two DSL connection : one for multi-usage (Internet) and one for the VPN traffic only. If i

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-02 Thread Yannick Lecaillez
Le ven 02/07/2004 à 11:21, Jacco de Leeuw a écrit : When I read your reply, I almost wet myself. I added the printf statements to the source, (l2tpd: network.c / around line 327) printf(select\n); select (max + 1, readfds, NULL, NULL, NULL); printf(select ok\n); I don't get it. This

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-02 Thread Yannick Lecaillez
Le ven 02/07/2004 à 12:15, Arya a écrit : It's not select() that's the problem. It's the default routing table :) ipsec will add a route for the netmask of eth0 to be 'redirected' to the ipsec interface, but it wont add any other routes. Thus, if the packet isn't from the same subnet, it

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-02 Thread Jean-Francois Dive
On Fri, Jul 02, 2004 at 08:15:38PM +1000, Arya wrote: It's not select() that's the problem. yes that i was sure already :) It's the default routing table :) ipsec will add a route for the netmask of eth0 to be 'redirected' to the ipsec interface, but it wont add any other routes. Thus, if

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Jean-Francois Dive
i'd say that it works on the local lan by chance, probably. Take a look to the traffic coming on your ppp inerface and see if you see the client packets. Maybe it is simply a route problem on the client or something like that. On Thu, Jul 01, 2004 at 11:36:03AM +1000, Arya wrote: G'day guys,

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
No attempt is made by l2tp to actually initiate the ppp interface =\ It cant be a routing issue, because an IPSec tunnel is successfully established...right? Arya On Thursday 01 July 2004 17:16, Jean-Francois Dive wrote: i'd say that it works on the local lan by chance, probably. Take a look

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Jacco de Leeuw
Arya wrote: Everything works like a charm, if the client is on the same subnet as the server (ie, if direct delivery occurs), else (if it's routed), it breaks I dont suspect IPSec to be the cause, because it seems to be behaving the same way regardless of whether it is on the same subnet or

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Jean-Francois Dive
ah ok :) thought the l2tp session was established from your readings, didn't looked at the logs .. ok, so it receive the request from the win side, so we can assume ipsec is ok for rx (l2tp prospective). Could you check that the l2tp reply from the l2tpd side goes trough the tunnel back to the

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
Nope, everything is fully public (ie, there is no NAT). For the sake of testing, we're using 10.0.0.0/8 IPs as the IPs pppd assigns (after contacting radius), and a NAT server running on the VPN server. There is no NAT between the VPN server and the VPN client. With regard to

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
Yep, packets being sent both ways can be seen (i put a hub between the client and the router and plugged another workstation in to capture packets). There is no ppp interface, as pppd hasn't been called yet... Arya On Thursday 01 July 2004 17:16, Jean-Francois Dive wrote: i'd say that it

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
on a tcpdump on the ipsec0 interface, the only thing I get is this: 19:48:27.886094 client.domain.com.1701 vpnserver.domain.com.1701: l2tp: [TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |... ..over and over again.. I dont seem to be able to see any messages

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Jacco de Leeuw
Arya wrote: There is no NAT between the VPN server and the VPN client. Then you need to remove the rightsubnetwithin line. (Perhaps this is ruining your routing?). With regard to 'rightsubnetwithin=0.0.0.0/0' being insecure, we want the entire world to be able to access the VPN server. You

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
Worth a shot :) rightsubnetwithin line is gone. ipsec restarted. no difference. same tcpdump info as before, same l2tpd debug info as before, same ipsec info as before. Heres my routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya Abdian
Also, added rightsubnet=vhost:%no,%priv (because there is always the possibility of some of the clients being NATed) Slackware is basically just plain vanilla linux with packages. The base linux kernel works fine with a slackware distribution. Arya On Thursday 01 July 2004 20:02, Jacco de

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
hehe, this is true :) theoretically though, that shouldn't be the reason why l2tpd breaks if (and only if) the client is on a different subnet... Arya On Thursday 01 July 2004 20:17, Jacco de Leeuw wrote: Heres my routing table: Kernel IP routing table Destination Gateway

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Jean-Francois Dive
from everything we have seen, it looks clear that the l2tp traffic that l2tpd send does not goes trough the tunnel. As you use KLIPS, you require that routing is properly set. You should find the l2tpd reply on your lan unprotected, if this is the case, then you have your problem. On Thu, Jul 01,

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Yannick Lecaillez
In precision of my previous post : this is what i added to the network.c for see the problem : (l2tpd: network.c / around line 327) printf(select\n); select (max + 1, readfds, NULL, NULL, NULL); printf(select ok\n); Sure, it's really simple ... But permit to discover the problem : select is

Re: L2TPD/openswan with XP/2000 clients only works in same subnet?

2004-07-01 Thread Arya
Hi, When I read your reply, I almost wet myself. I added the printf statements to the source, as you said, however when the client on a different subnet connects it would appear that it continues past that select() statement (ie, select ok is seen). Therefore the cause cant be this =| Also,