Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Routing Problem (perhaps simple, but not for me)

From: Kevin Gerbracht (kevin_gerbracht_at_hotmail.com)
Date: Mon Jul 22 2002 - 18:41:38 CEST

Next message: Adrian Blockus: "[Users] How do I configure virtual IPs in freeswan"
Previous message: Andreas Steffen: "Re: [Users] ipsec 1.98b and SSH sentinel 1.3 (build 47)"
Next in thread: Fred Mobach: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Reply: Fred Mobach: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Maybe reply: Kevin Gerbracht: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Maybe reply: Kevin Gerbracht: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Mailinglist,

I have so following situation (Using FreeS/WAN 1.98b/X509_0.9.9.13)

  Client(RW) 192.168.0.1 / 24 (->Nat=70.0.0.3)
     |
     .
     .
     | 192.168.0.2 / 24
  VPN-Gate
       | 70.0.0.1 / 24
       |
       x <--
       | 70.0.0.2 / 24
  Router
    | 60.0.0.1 / 24
    |
    |
    |
  Target 60.0.0.2 / 24
                                      x=Network Sniffer

I build the Tunnel between the CLient and the VPN-Gate.

Then i do NAT on the Client (Postrouting/Prerouting) to get the
Client-IP: 70.0.0.3

The Tunnel is up and running. I can ping (from Client) the VPN-Gate-Sides
(192. & 70.) and one Router-Side(70.0.0.2). I can´t ping the Target
(60.0.0.2)

The Router has been corectly configured.
The Target can ping all the way to the 70.0.0.1-side on the vpn-gate
The VPN Gate can ping all the way to the 60.0.0.2 Target

If i "ping 60.0.0.2" (from the Client), i will not see any pakets on Point
X, because the pakets don´t get into the Tunnel.

What must i do to establish a Client-connection to and from the Target
(60.0.0.2) ???
There is no route for pakets from the Client to the 60.0.0.0/24 network
but i can´t get one established. Can someone give me some tipps.

kind regards

Kevin Gerbracht

Kevin_Gerbracht_at_hotmail.com

------------------------------------------------------------------------

Route befor ipsec
-----------------
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.2 0.0.0.0 UG 0 0 0 eth0

Route after ipsec
-----------------
62.104.180.200 192.168.0.2 255.255.255.248 UG 0 0 0 ipsec0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 ipsec0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.2 0.0.0.0 UG 0 0 0 eth0

Ipsec eroute
0 70.0.0.3/32 -> 70.0.0.0/24 => tun0x1002_at_192.168.0.2

conn

---- left=192.168.0.2 leftsubnet=70.0.0.0/255.255.255.0

right=192.168.0.1 rightsubnet=70.0.0.3/32

_________________________________________________________________ Mit MSN Fotos können Sie kinderleicht Ihre Fotos ausdrucken und Freunden zur Verfügung stellen: http://photos.msn.de

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: Adrian Blockus: "[Users] How do I configure virtual IPs in freeswan"
Previous message: Andreas Steffen: "Re: [Users] ipsec 1.98b and SSH sentinel 1.3 (build 47)"
Next in thread: Fred Mobach: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Reply: Fred Mobach: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Maybe reply: Kevin Gerbracht: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Maybe reply: Kevin Gerbracht: "Re: [Users] Routing Problem (perhaps simple, but not for me)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:25 CEST