[Users] network connection w/ RoadWarrior and IP network

From: Garry Glendown (garry_at_glendown.de)
Date: Mon Jul 29 2002 - 22:15:17 CEST


After trying to solve this for a while now, I'm kind of out of options ...

OK, here's the setup ...

external net --- Cisco --- DSL-Router --- INTERNET --- Linux
                                                    |
                                                    --- Cisco

The DSL Router is a LinkSys VPN router, and the plain VPN connection
between it and FreeS/WAN is up and running fine (AFAIK).
I need to connect an external net (with official IPs) through the VPN,
which I had planned to do using a GRE tunnel between the two Cisco
routers.
As an example, take the following IPs:

external net: 10.0.3.0/24
Local net w/ Cisco & DSL Router: 10.0.1.0/24
Central net w/ Cisco and FreeS/WAN: 10.0.2.0/24

FreeS/WAN: 10.0.64.35
DSL-Router: dynamic IP / RoadWarrior

When I do a ping from the internet, I can see the VPN-Packets leaving
the Linux box, but I do not seem to have decent debugging options on the
other side ...

Here's an extract of the FreeS/Wan config:

conn ebe-fd
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.0.64.35
        leftsubnet=10.0.2.0/24
        leftnexthop=10.0.64.1
        # Right security gateway, subnet behind it, next hop toward left.
        right=%any
        rightsubnet=10.0.3.0/24
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        authby=secret
        auto=add
        keyingtries=1
        keyexchange=ike
        esp=3des-md5-96

The route to the VPN network seems OK, too:

vpn:/etc # ipsec eroute
0 10.0.2.0/24 -> 10.0.3.0/24 => tun0x1104_at_XXX.XXX.161.161

The Cisco tunnel setup should be OK, too:

interface Tunnel1
 ip address 10.0.127.114 255.255.255.252
 no ip directed-broadcast
 tunnel source Loopback1
 tunnel destination 10.0.2.1
...
ip route 0.0.0.0 0.0.0.0 10.0.1.253

and on the other one:

Interface Loopback2
 ip address 10.0.2.1 255.255.255.0
 no ip directed-broadcast
interface Tunnel1
 ip address 212.218.127.113 255.255.255.252
 no ip directed-broadcast
 tunnel source Loopback2
 tunnel destination 212.218.3.1
ip route 10.0.1.0 255.255.255.0 10.0.2.2
ip route 10.0.3.0 255.255.255.0 10.0.64.35

Am I making a basic error in the setup here?

Help appreciated ...

-gg
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
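A FreeS/WAN eroute is a policy selector: only packets whose source and destination fall inside the left/right subnets are sent through the tunnel, everything else is routed normally in the clear. The check below (an added example, not code from the post or from FreeS/WAN) parses the quoted `ipsec eroute` output and tests sample flows against it, including the outer headers of a GRE tunnel between the two Ciscos; the remote Cisco loopback address 10.0.1.1 is an assumption, since the post does not give it.

```python
import ipaddress

# `ipsec eroute` output as quoted in the post (the archive rewrote '@' as '_at_').
EROUTE_OUTPUT = "0 10.0.2.0/24 -> 10.0.3.0/24 => tun0x1104_at_XXX.XXX.161.161"

# Constructed sample flows, seen from the FreeS/WAN box's outbound side.
# Loopback1 of the remote Cisco is not in the post; 10.0.1.1 is an assumption.
SAMPLE_FLOWS = {
    "host ping 10.0.2.10 -> 10.0.3.5": ("10.0.2.10", "10.0.3.5"),
    "GRE outer 10.0.2.1 -> 10.0.1.1 (assumed Loopback1)": ("10.0.2.1", "10.0.1.1"),
    "GRE outer 10.0.2.1 -> 10.0.3.1": ("10.0.2.1", "10.0.3.1"),
}


def parse_eroutes(text):
    """Parse FreeS/WAN `ipsec eroute` lines into (count, src_net, dst_net, target)."""
    eroutes = []
    for line in text.splitlines():
        line = line.strip()
        if "->" not in line or "=>" not in line:
            continue  # skip headers or blank lines
        count, rest = line.split(None, 1)
        selector, target = rest.split("=>", 1)
        src, dst = (part.strip() for part in selector.split("->", 1))
        eroutes.append((int(count), ipaddress.ip_network(src),
                        ipaddress.ip_network(dst), target.strip()))
    return eroutes


def match_eroute(src_ip, dst_ip, eroutes):
    """Return the tunnel target whose selector covers src -> dst, or None when
    no eroute matches (the packet then leaves via the normal routing table)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _count, src_net, dst_net, target in eroutes:
        if src in src_net and dst in dst_net:
            return target
    return None


def audit_flows(flows, eroute_text):
    """Map each named flow to the eroute target protecting it, or None."""
    eroutes = parse_eroutes(eroute_text)
    return {name: match_eroute(s, d, eroutes) for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for name, target in audit_flows(SAMPLE_FLOWS, EROUTE_OUTPUT).items():
        print(f"{name}: {'tunnelled via ' + target if target else 'NOT covered, sent in clear'}")
```

Any flow reported as not covered needs either its own conn (or wider subnets) or a GRE source/destination inside the existing selectors; an unmatched outer GRE header is the first thing to rule out when packets leave the box but never arrive.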



This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST