Hi list,
we want to use Free S/WAN (with X.509 patches) to allow roadwarriors
to connect to our corporate LAN. The roadwarrior notebooks use the ipsec
tools provided at vpn.ebootis.de.
It seems that a roadwarrior can establish a tunnel to the VPN gateway,
excerpt from /var/log/messages:
Apr 24 09:19:57 slinux1 Pluto[6559]: | instantiated "roadwarrior" for 62.246.11.140
Apr 24 09:19:57 slinux1 Pluto[6559]: | creating state object #1 at 0x80a4908
Apr 24 09:19:57 slinux1 Pluto[6559]: | ICOOKIE: 62 18 37 80 48 ad 1f 70
Apr 24 09:19:57 slinux1 Pluto[6559]: | RCOOKIE: 45 fb 5c 0c 6e 1c 9d 45
Apr 24 09:19:57 slinux1 Pluto[6559]: | peer: 3e f6 0b 8c
Apr 24 09:19:57 slinux1 Pluto[6559]: | state hash entry 0
Apr 24 09:19:57 slinux1 Pluto[6559]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Apr 24 09:19:57 slinux1 Pluto[6559]: "roadwarrior" 62.246.11.140 #1: responding to Main Mode from unknown peer 62.246.11.140
I hope I interpret these messages correctly.
Our problem: the roadwarrior can't ping machines on our LAN.
Our LAN looks like this:
Internet
|
Internet Router (public IP 213.83.5.2 / private IP 192.168.1.97)
|
Freeswan Gateway (192.168.1.18)
|
some Windows machines (192.168.1.x)
The freeswan gateway has only one network card, like all other machines in
our LAN except for the Internet Router. Could this be the problem? Is it
necessary for the VPN gateway to have two network cards?
IP forwarding is enabled in the rc.config file of the freeswan gateway, I am
not sure if that does make sense with only one network card.
The internal IP 192.168.1.97 of the internet router has been configured as
default gateway on all our machines, including the freeswan gateway.
Maybe I must add something to the /etc/route.conf file on the freeswan gateway?
Any help would be highly appreciated.
ipsec.conf files of gateway and roadwarrior and /var/log/messages are
attached.
By the way:
Are there any other (intermediate) debugging levels besides "all" and
"none"? The messages file becomes very huge, but I don't want to turn off
debugging completely.
TIA
Gerhard Hofmann
Planat GmbH
Tel. 0711-16756-26
Fax 0711-16756-99
gerhard.hofmann_at_planat.de
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
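
A way to read the excerpt above mechanically, added here as an example (not part of the original post and not FreeS/WAN code): it parses the Pluto lines, decodes the hex "peer:" bytes into a dotted address, counts debug lines, and reports which negotiation milestones appear. The sample is the post's excerpt with wrapped lines rejoined; the function name and the two "established" strings are assumptions.

```python
import ipaddress
import re

# Constructed sample: the excerpt from the post with its wrapped lines rejoined.
SAMPLE = """\
Apr 24 09:19:57 slinux1 Pluto[6559]: | instantiated "roadwarrior" for 62.246.11.140
Apr 24 09:19:57 slinux1 Pluto[6559]: | creating state object #1 at 0x80a4908
Apr 24 09:19:57 slinux1 Pluto[6559]: | ICOOKIE: 62 18 37 80 48 ad 1f 70
Apr 24 09:19:57 slinux1 Pluto[6559]: | RCOOKIE: 45 fb 5c 0c 6e 1c 9d 45
Apr 24 09:19:57 slinux1 Pluto[6559]: | peer: 3e f6 0b 8c
Apr 24 09:19:57 slinux1 Pluto[6559]: | state hash entry 0
Apr 24 09:19:57 slinux1 Pluto[6559]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Apr 24 09:19:57 slinux1 Pluto[6559]: "roadwarrior" 62.246.11.140 #1: responding to Main Mode from unknown peer 62.246.11.140
"""

# Syslog prefix, then an optional "| " that marks a Pluto debug line.
LINE = re.compile(r'^\w{3} +\d+ [\d:]+ \S+ Pluto\[\d+\]: (?P<dbg>\| )?(?P<msg>.*)$')
HEX_IPV4 = re.compile(r"(?:[0-9a-f]{2} ){3}[0-9a-f]{2}")
# Assumption: only the first string is in the post; the other two are
# assumed Pluto wording for a completed phase 1 and phase 2.
MILESTONES = [
    ("main_mode_started", "responding to Main Mode"),
    ("isakmp_sa", "ISAKMP SA established"),
    ("ipsec_sa", "IPsec SA established"),
]

def summarize(log_text):
    """Return peer address, cookies, line counts and milestones seen."""
    out = {"peer": None, "icookie": None, "rcookie": None,
           "milestones": [], "debug": 0, "total": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a Pluto line (or still wrapped)
        out["total"] += 1
        msg = m.group("msg")
        if not m.group("dbg"):
            for name, needle in MILESTONES:
                if needle in msg and name not in out["milestones"]:
                    out["milestones"].append(name)
            continue
        out["debug"] += 1
        key, _, value = msg.partition(": ")
        if key in ("ICOOKIE", "RCOOKIE"):
            out[key.lower()] = value.replace(" ", "")
        elif key == "peer" and HEX_IPV4.fullmatch(value):
            out["peer"] = str(ipaddress.IPv4Address(bytes.fromhex(value)))
    return out
```

Running summarize() over the complete /var/log/messages shows whether the later milestones follow the Main Mode line and how much of the file consists of debug output.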