
[Users] Routing fun! - NATed gateway to gateway with dynamic IP?

From: Simon (simon_at_highlyillogical.org)
Date: Mon Apr 22 2002 - 18:56:38 CEST


Apologies, newbie here... excuse terminology (or lack thereof) and
convoluted explanation.

I'm trying to get an ipsec connection between our small office (192.168.1.x
subnet, linux gateway eth0-192.168.1.1 points to the local subnet,
eth1-192.168.0.25 NATed by cisco router (192.168.0.2) to receive all traffic
for external ip a.b.c.d)

And a home LAN using an ADSL connection: dynamically assigned IP (e.f.g.h), no
router (linux box connected straight to the ADSL modem), and subnet 192.168.2.x

Everything connects fine and I seem to have a valid connection, but I can't
ping through the tunnel. So, my guess is routing is not working as it's
supposed to.

Currently, my ipsec.conf looks like this...

left machine (home network, dynamic ip):

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn tooffice
        left=%defaultroute
        leftsubnet=192.168.2.0/24
        leftnexthop=
        right=a.b.c.d
        rightsubnet=192.168.1.0/24
        rightnexthop=192.168.0.2
        auto=add
        auth=esp
        leftid=@some.id.for.left
        rightid=@some.id.for.right
        authby=rsasig
        leftrsasigkey=key
        rightrsasigkey=key

right machine: (office server):

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn tohome
        left=0.0.0.0
        leftsubnet=192.168.2.0/24
        leftnexthop=
        right=192.168.0.25
        rightsubnet=192.168.1.0/24
        rightnexthop=192.168.0.2
        auto=add
        auth=esp
        leftid=@some.id.for.left
        rightid=@some.id.for.right
        authby=rsasig
        leftrsasigkey=key
        rightrsasigkey=key

When the connection is up, my routing tables look like this:

left machine:

Destination     Gateway         Genmask         Flags Metric Ref  Use Iface
e.f.g.h         0.0.0.0         255.255.255.255 UH    0      0      0 ppp0
e.f.g.h         0.0.0.0         255.255.255.255 UH    0      0      0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0      0 eth0
192.168.1.0     e.f.g.h         255.255.255.0   UG    0      0      0 ipsec0
0.0.0.0         e.f.g.h         0.0.0.0         UG    0      0      0 ppp0

right machine: (something smells wrong here - no routable ip addresses?)

Destination     Gateway         Genmask         Flags Metric Ref  Use Iface
192.168.2.0     192.168.0.2     255.255.255.0   UG    0      0      0 ipsec0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0      0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0      0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0      0 ipsec0
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0      0 eth1

Sorry this is lengthy... I pulled my hair out all weekend over this one.
Other details: ip forwarding enabled on both machines, firewall disabled on
both machines for the purposes of this test.

Any ideas gratefully received.
Simon

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
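The following is an added example, not part of Simon's post or of FreeS/WAN. It re-reads the two `route -n` tables and the `conn tooffice` section above and answers the one routing question a KLIPS gateway admin needs answered before looking anywhere else: does the kernel route for the other side's subnet point at ipsec0 (if it does not, packets for that subnet never enter the tunnel), and which physical interface is ipsec0 attached to (KLIPS gives ipsec0 the address of the interface it is bound to, so that interface's connected route appears twice, once per device). Function names are my own, the conn section is abridged to the routing-relevant keys, and a.b.c.d / e.f.g.h are the post's own placeholders for the real public addresses.

```python
"""Sanity-check FreeS/WAN (KLIPS) tunnel routes against ipsec.conf subnets.
Added example; the tables and conn section are copied from the post."""

ROUTE_COLUMNS = ("destination", "gateway", "genmask", "flags",
                 "metric", "ref", "use", "iface")

# Abridged `conn tooffice` from the home (left) machine, as posted.
LEFT_CONF = """\
conn tooffice
        left=%defaultroute
        leftsubnet=192.168.2.0/24
        leftnexthop=
        right=a.b.c.d
        rightsubnet=192.168.1.0/24
        rightnexthop=192.168.0.2
"""

# `route -n` on the home (left) gateway, as posted (Iface column rejoined).
LEFT_ROUTES = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
e.f.g.h 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
e.f.g.h 0.0.0.0 255.255.255.255 UH 0 0 0 ipsec0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 e.f.g.h 255.255.255.0 UG 0 0 0 ipsec0
0.0.0.0 e.f.g.h 0.0.0.0 UG 0 0 0 ppp0
"""

# `route -n` on the office (right) gateway, as posted.
RIGHT_ROUTES = """\
192.168.2.0 192.168.0.2 255.255.255.0 UG 0 0 0 ipsec0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0 0 eth1
"""


def parse_conn(text, name):
    """Return the key=value settings of `conn <name>` as a dict.
    Empty values such as `leftnexthop=` are kept as ''."""
    settings, inside = {}, False
    for line in text.splitlines():
        if line.startswith("conn "):
            inside = line.split()[1] == name
            continue
        if inside and "=" in line:
            key, _, value = line.strip().partition("=")
            settings[key] = value
    return settings


def parse_route_table(text):
    """Parse `route -n` output into one dict per route; header is skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(ROUTE_COLUMNS) or fields[0] == "Destination":
            continue
        routes.append(dict(zip(ROUTE_COLUMNS, fields)))
    return routes


def netmask_to_prefix(mask):
    """Dotted-quad netmask -> prefix length; None if the mask is not contiguous."""
    bits = "".join(f"{int(octet):08b}" for octet in mask.split("."))
    return len(bits.rstrip("0")) if set(bits.lstrip("1")) <= {"0"} else None


def find_subnet_route(routes, subnet):
    """Route whose destination/genmask equals `subnet` ("192.168.1.0/24"), or None."""
    net, prefix = subnet.split("/")
    for route in routes:
        if route["destination"] == net and netmask_to_prefix(route["genmask"]) == int(prefix):
            return route
    return None


def check_tunnel_route(routes, remote_subnet, tunnel_iface="ipsec0"):
    """(ok, message): is traffic for remote_subnet steered into the tunnel device?"""
    route = find_subnet_route(routes, remote_subnet)
    if route is None:
        return False, f"no route for {remote_subnet}; it would leave via the default route, not {tunnel_iface}"
    if route["iface"] != tunnel_iface:
        return False, f"{remote_subnet} is routed via {route['iface']}, not {tunnel_iface}"
    return True, f"{remote_subnet} via {tunnel_iface}, gateway {route['gateway']}"


def underlying_interface(routes, tunnel_iface="ipsec0"):
    """Physical interface whose connected route is mirrored on ipsec0, or None."""
    by_dest = {}
    for route in routes:
        by_dest.setdefault((route["destination"], route["genmask"]), set()).add(route["iface"])
    for ifaces in by_dest.values():
        if tunnel_iface in ifaces and len(ifaces) == 2:
            return (ifaces - {tunnel_iface}).pop()
    return None


def audit_gateway(conf, side, route_text):
    """Run the tunnel-route check for one gateway ('left' or 'right')."""
    remote = conf["rightsubnet" if side == "left" else "leftsubnet"]
    return check_tunnel_route(parse_route_table(route_text), remote)


if __name__ == "__main__":
    conf = parse_conn(LEFT_CONF, "tooffice")
    for side, table in (("left", LEFT_ROUTES), ("right", RIGHT_ROUTES)):
        ok, msg = audit_gateway(conf, side, table)
        attached = underlying_interface(parse_route_table(table))
        print(f"{side:5} {'OK ' if ok else 'BAD'} {msg}; ipsec0 bound to {attached}")
```

Run against the posted tables, both sides pass: the home box has 192.168.1.0/24 on ipsec0 (bound to ppp0) and the office box has 192.168.2.0/24 on ipsec0 (bound to eth1), so the subnet routes themselves are as FreeS/WAN would install them. A negative result from this check would mean a packet for the far subnet never reaches ipsec0 at all, which is the first thing to rule out before blaming NAT, the nexthop, or the peer.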



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:52 CEST