May be the content of the server log and laptop log will help better. But as you mentioned, from 10.0.0.x destination packets are comming to the server and then it is being vanished? (u said, u checked the log, nothing is dropped...what does those nothing include really?...)
If this is the case, see the route table...is it routining all packets to the ipsec0 (before in the route list than eth0) virtual interface? looks like its routining through eth0 and the eth0 is sending it out to outside network than sending to the ipsec tunnel.
Did you find in the /var/log/messages that "packet ownership changed to ipsec....blah blah...."?
regards
shishir
Charles Mauch <xterminus_at_myrealbox.com> wrote:
>I'm trying to setup an ipsec tunnel from my laptop (linux) to my server at
>home (linux). I was able to configure freeswan and get a tunnel up and
>running between the two, but actually communicating with my server or with
>any of the clients behind it through that tunnel is something of a problem.
>
>All of the clients that I'm trying to communicate are using reserved ip
>addresses and are behind the linux server which is provinding NAT
>translation as well as firewalling.
>
>It looks like my server is either dropping packets from my laptop or I need
>to establish some additional routing routing (I think).
>
>My config looks something like this..
>
>leftid=@servername
>left=publicip addr
>leftsubnet=10.0.0.0/24
>leftfirewall=yes
>right=%any
>rightid=@laptop.servername
>auto=add
>
>I log all dropped packets on the server, and I don't see anything being
>dropped by the firewall, so I'm assuming it's a routing or reverse-nat
>problem.
>
>A tcpdump on my laptop shows pings heading out of the ipsec0 interface
>to a 10.0.0.x address. (Which is what I intended to do).
>
>Do I need to establish some sort of reverse nat translation in order to
>translate public ip addresses arriving through the ipsec tunnel into
>10.0.0.x addresses? I spent quite a bit of time going through the
>documentation on the website, but I didn't see anything that pointed to
>a problem like this - other than the firewall might be causing a problem
>(which I'm fairly certain it is not).
>
>Any ideas anyone has would be appreciated.
>
>Thanks, and take it easy,
> Charles Mauch <xterminus_at_myrealbox.com>
>
>Please encrypt personal email with GnuGP.
>_______________________________________________
>Users mailing list
>Users_at_lists.freeswan.org
>http://lists.freeswan.org/mailman/listinfo/users
>
__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop_at_Netscape! http://shopnow.netscape.com/
Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:24 CEST