Thread: route? problem




route? problem
user name
2006-07-21 20:28:43
Hi,

I'm having problems with my tunnel.

My setup is:
1: D-Link DI-824VUP+
2: Linux 2.4 with Openswan and Shorewall firewall

The tunnel goes up without any problems and if I initiate connection
from the D-Link everything works as it should, ping, tcp connections,
etc.

However, if I try to make any move from the Linux side nothing
happens. I'm not sure if this is due to the Linux side having multiple
network cards and such?

D-Link private ip is 192.168.0.1 and network /24.
Linux setup is eth0 = 192.168.1.1, network/24, eth1 = public ip where
tunnel is initiated.

Route looks like this after a successful tunnel:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
pub.lic.ip.nr   *               255.255.255.240 U     0      0        0 eth1
pub.lic.ip.nr   *               255.255.255.240 U     0      0        0 ipsec0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     pub.lic.gt.wy   255.255.255.0   UG    0      0        0 ipsec0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         pub.lic.gt.wy   0.0.0.0         UG    0      0        0 eth1

As you can see, the route seems ok.

I've tried checking with tcpdump on the Linux as
tcpdump -i ipsec0 host 192.168.0.1

When I ping from 192.168.0.1 I see the ping request and the reply.
When I ping from the Linux server I see nothing. If I try a tcp
connect from Linux to 192.168.0.1 it ends up with a SYN_SENT, but the
funny thing is that the Linux side ip is listed as my public ip, not
192.168.1.1 as it should be.

Any ideas? I know I'm rambling at the moment

-- 
        regards,
        Robin
_______________________________________________
Usersopenswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
route? problem
user name
2006-07-24 19:42:06
Anyone? Any ideas why my source address is wrong over the tunnel?


regards,
Robin

-- 
        regards,
        Robin
route? problem
user name
2006-07-24 20:20:51
On Mon, 2006-07-24 at 21:42 +0200, Robin Ericsson wrote:
> Anyone? Any ideas why my source address is wrong over the tunnel?
> 
If your linux box is left, try adding
  leftsourceip=192.168.1.1
to your conn.

(Use rightsourceip = if you're right, of course...)

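
The source-address symptom from this thread, modelled as an added example that is not part of the original messages: with no preferred source on the route to 192.168.0.0/24, traffic the gateway itself originates takes the address of ipsec0 (the public one), which is outside the 192.168.1.0/24 side of the tunnel. The `ip route show` text is constructed, 203.0.113.x is a placeholder for the masked public addresses, source selection is simplified, and it is an assumption that `leftsourceip` shows up as a `src` on the tunnel route.

```python
import ipaddress

# Constructed `ip route show` text for the Linux gateway in this thread.
# 203.0.113.x is a placeholder for the masked public addresses.
ROUTES_BEFORE = """\
203.0.113.0/28 dev eth1 proto kernel scope link src 203.0.113.2
203.0.113.0/28 dev ipsec0 proto kernel scope link src 203.0.113.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.0.0/24 via 203.0.113.1 dev ipsec0
default via 203.0.113.1 dev eth1
"""
# Assumption: with leftsourceip set, the tunnel route gains a preferred source.
ROUTES_AFTER = ROUTES_BEFORE.replace(
    "dev ipsec0\n", "dev ipsec0 src 192.168.1.1\n")

def _opt(fields, key):
    """Value following `key` on a route line, or None if absent."""
    return fields[fields.index(key) + 1] if key in fields else None

def parse_routes(text):
    """Parse `ip route show` lines into (network, device, preferred_src)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(prefix),
                       _opt(fields, "dev"), _opt(fields, "src")))
    return routes

def source_for(dst, routes):
    """Simplified source selection: longest-prefix route, its src if set,
    otherwise the first address known for the outgoing device."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None, None
    _, dev, src = max(matches, key=lambda r: r[0].prefixlen)
    if src is None:
        src = next((s for _, d, s in routes if d == dev and s), None)
    return dev, src

def tunnel_check(dst, left_subnet, routes_text):
    """Report (device, source, in_left_subnet) for traffic the gateway originates."""
    dev, src = source_for(dst, parse_routes(routes_text))
    inside = (src is not None and
              ipaddress.ip_address(src) in ipaddress.ip_network(left_subnet))
    return dev, src, inside

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, tunnel_check("192.168.0.1", "192.168.1.0/24", table))
```

On a live gateway the same check is a comparison of the `src` reported by `ip route get 192.168.0.1` against the local protected subnet.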
route? problem
user name
2006-07-25 05:35:45
On 7/24/06, Andy Gay <andyandynet.net> wrote:
> On Mon, 2006-07-24 at 21:42 +0200, Robin Ericsson wrote:
> > Anyone? Any ideas why my source address is wrong over the tunnel?
> >
> If your linux box is left, try adding
>   leftsourceip=192.168.1.1
> to your conn.

Dead simple of course. However, I'm not able to find this
documented in my ipsec.conf, otherwise I would have found it.
Hopefully it's fixed now in newer versions than mine?

-- 
        regards,
        Robin