I'll create a test setup and report back. I'm running v8.

Kind regards,
Boutens Jochen
Email: [email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
Sent: Monday, 31 December 2012 14:51
To: Jochen Boutens
Cc: [email protected]
Subject: Re: [vpn-help] IPSec VPN to NetASQ not working when client inside same network class.

On Mon, Dec 31, 2012 at 1:35 PM, Jochen Boutens <[email protected]> wrote:

Hello,

You are absolutely right, the problem is a route that I cannot remove. I forgot it was in place.
The NetASQ guide makes the client use its own IP address.
Is a setup possible in combination with NetASQ where an extra virtual adaptor is used in the client?

Hi Jochen

You need to try...
Do you use V8 or V9 firmware?

Regards,

Kind regards,
Boutens Jochen
Email: [email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
Sent: Monday, 31 December 2012 10:57
To: Jochen Boutens
Cc: [email protected]
Subject: Re: [vpn-help] IPSec VPN to NetASQ not working when client inside same network class.

On Mon, Dec 31, 2012 at 9:58 AM, Jochen Boutens <[email protected]> wrote:

Hello,

(Some items have been changed, mail addresses, server address, subnets have been changed to another subnet in the same class)

VPN Client config export:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:0
n:client-dns-suffix-auto:0
n:client-splitdns-used:1
n:client-splitdns-auto:0
n:client-wins-used:0
n:client-wins-auto:0
n:phase1-dhgroup:2
n:phase1-keylen:128
n:phase1-life-secs:21600
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:128
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:vpn.fake.com
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:10.10.68.5
s:client-dns-suffix:fake.com
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-server-type:ufqdn
s:ident-client-data:[email protected]
s:ident-server-data:[email protected]
b:auth-mutual-psk:CompletelyFakeKey
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:esp-aes
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-level:unique
s:policy-list-include:10.10.68.0 / 255.255.255.0

Ifconfig on the device:

>ifconfig
em0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> mtu 1504
        options=5b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING>
        ether 00:0d:b4:09:27:db
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 1500
        inet 127.0.0.1 netmask 0xffffff00
lo1: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
lo2: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
lo3: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
lo4: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
lo5: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
enc0: flags=41<UP,RUNNING> mtu 1536
eth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 91.*.*.* netmask 0xffffffe0 broadcast 91.*.*.*
        ether 00:0d:b4:09:29:1c
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
eth1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:0d:b4:09:29:1c
        media: Ethernet autoselect
eth2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.10.68.254 netmask 0xffffff00 broadcast 10.10.68.255
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
        inet 10.10.61.254 netmask 0xffffff00 broadcast 10.10.61.255
        inet 10.10.62.254 netmask 0xffffff00 broadcast 10.10.62.255
        ether 00:0d:b4:09:29:1e
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
eth3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:0d:b4:09:29:1f
        media: Ethernet autoselect
eth4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.231.2 netmask 0xfffffffc broadcast 192.168.231.3
        ether 00:0d:b4:09:27:e0
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
eth5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.231.6 netmask 0xfffffffc broadcast 192.168.231.7
        ether 00:0d:b4:09:27:e1
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active

Kind regards,
Boutens Jochen
Email: [email protected]

Hi Jochen,

Thanks for the information.
No static route in your VPN Gateway? (to any 10.x.x network?)
Is it possible to also add VPN logs?
(from your VPN Gateway)

From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
Sent: Sunday, 30 December 2012 18:07
To: [email protected]
Cc: [email protected]
Subject: Re: [vpn-help] IPSec VPN to NetASQ not working when client inside same network class.

Hi Jochen,

Is it possible to attach your configuration?
How is your VPN Gateway configured? (Is it possible to attach an ifinfo?)

Regards,

On Fri, Dec 28, 2012 at 8:12 AM, Finalbeta <[email protected]> wrote:

Hello list,

I'm facing a problem with the VPN client (I think it is the client part) when my client is inside the same network class.
My tested clients are Windows 7 or 8.

My company subnet is 10.10.5.0/24 and 10.10.6.0/24.
My clients have no problem when they are inside a class B or C subnet. (So clients connecting from 172.16.* or 192.168.* have no problem connecting.)

The same clients connecting from a local 10.10.*/24 can set up the IPsec tunnel to the company, but it times out. I can get no traffic across it. After several seconds the client gets disconnected.

I'm using the NetASQ guide from the wiki. I've configured the remote networks manually inside the configuration and I am using the local IP address on the client.

Thank you
Jochen ([email protected])

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
