From: Alistair Nelson (alistair.nelson_at_eb2b.com.au)
Date: Wed Sep 18 2002 - 06:56:18 CEST
Hi Igmar,
Actually, I take that back... I needed to change the remote machine gateway!
I didn't realise this had to be done. Private network computers in my case need to have their default gateway changed from the firewall to the freeswan server.
I guess not many people have this problem as many seem to have the vpn gateway on the firewall host.
Thanks very much to everyone who helped. I hope I can return the favour to others starting out.
Cheers,
Alistair.
-----Original Message-----
From: Alistair Nelson [mailto:alistair.nelson_at_eb2b.com.au]
Sent: Wednesday, 18 September 2002 9:28 AM
To: 'Users_at_lists.freeswan.org'
Subject: RE: [Users] Roadwarrior can ping remote private network, but that's all!
Hi Igmar,
Thanks for your reply... however unfortunately the problem doesn't appear to be that easy. The "aphrodite" host does have a default gateway set and from it any host can be accessed. Its default gateway is the firewall which is not dropping any related packets. Also the fact that pinging aphrodite actually works?
Anyone else got any ideas from the attached tcpdump as to why the road warrior can ping the internal host behind the freeswan gateway, but can't seem to communicate on any tcp/udp ports???
Kind regards,
Alistair.
-----Original Message-----
From: Igmar Palsenberg [mailto:maillist_at_jdimedia.nl]
Sent: Tuesday, 17 September 2002 6:26 PM
To: Alistair Nelson
Cc: Users_at_lists.freeswan.org
Subject: RE: [Users] Roadwarrior can ping remote private network, but that's all!
> Sam: I will be using Freeswan for simple protocols like SMTP, Exchange
> as well as others. Mainly it will be for mail and file server for
> now, although this use will no doubt expand. I've installed tcpdump
> now for testing, and simply testing with a telnet to a UNIX computer
> in the private subnet behind the Freeswan GW.
>
> Here's a tcpdump from aphrodite, a Solaris host when a Win2K road
> warrior tries to telnet to it. As mentioned before, Pinging is ok.
> Telnet eventually just gets "Could not open a connection to host:
> Connect failed" from the Windows end. The acc3-ppp* host
> is the Win2K road warrior using Marcus M's tool.
Looks like the remote machine doesn't have a gateway, or it doesn't make sense.
> I am no packet monitoring expert... this tells me that the Freeswan GW
> is correctly forwarding the telnet packets along to the Solaris
> host... but unfortunately I can't interpret the output
> enough to know if there is some sort of routing issue?
>
> 14:08:25.961578 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: S 1424687828:1424687828(0) win 8760 <mss 1360,nop,nop,sackOK> (DF)
> 14:08:25.961669 aphrodite.software-aus.com.au.telnet > acc3-ppp425.bur.dialup.connect.net.au.1040: S 3411660871:3411660871(0) ack 1424687829 win 25840 <nop,nop,sackOK,mss 1460> (DF)
> 14:08:26.214673 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: R 1424687829:1424687829(0) win 0
> 14:08:28.909406 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: S 1424687828:1424687828(0) win 8760 <mss 1360,nop,nop,sackOK> (DF)
> 14:08:28.909495 aphrodite.software-aus.com.au.telnet > acc3-ppp425.bur.dialup.connect.net.au.1040: S 3412619191:3412619191(0) ack 1424687829 win 25840 <nop,nop,sackOK,mss 1460> (DF)
> 14:08:29.276501 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: R 1424687829:1424687829(0) win 0
> 14:08:34.888707 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: S 1424687828:1424687828(0) win 8760 <mss 1360,nop,nop,sackOK> (DF)
> 14:08:34.888797 aphrodite.software-aus.com.au.telnet > acc3-ppp425.bur.dialup.connect.net.au.1040: S 3414105345:3414105345(0) ack 1424687829 win 25840 <nop,nop,sackOK,mss 1460> (DF)
> 14:08:35.060553 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: R 1424687829:1424687829(0) win 0
>
> Anyone got any ideas as to why the simple telnet is failing here???
It's probably the gateway on aphrodite.software-aus.com.au.t.
Igmar
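The pattern in the quoted capture (SYN in, SYN-ACK out, RST back from the client) can be picked out mechanically from a server-side tcpdump. The following is an added example, not part of the original thread: the function names are hypothetical, the first three sample lines are the first attempt from the capture above with the line wrapping repaired, and the last three are constructed to show a completed handshake for contrast.

```python
import re

# Old-style tcpdump TCP summary line: "time src.port > dst.port: FLAGS rest"
PKT = re.compile(r"^(\S+) (\S+)\.(\w+) > (\S+)\.(\w+): ([SFPR.]+) (.*)$")

def parse(line):
    """Return (time, src, dst, kind), or None if the line is not a TCP summary."""
    m = PKT.match(line.strip())
    if not m:
        return None
    ts, sh, sp, dh, dp, flags, rest = m.groups()
    has_ack = re.search(r"\back \d+", rest) is not None
    if "S" in flags:
        kind = "SYN-ACK" if has_ack else "SYN"
    elif "R" in flags:
        kind = "RST"
    else:
        kind = "ACK" if has_ack else "OTHER"
    return ts, (sh, sp), (dh, dp), kind

def handshake_outcomes(lines):
    """Classify each TCP connection attempt in a capture taken on the server."""
    state = {}     # (client, server) -> last handshake step seen
    outcomes = []  # (timestamp of deciding packet, verdict)
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue
        ts, src, dst, kind = pkt
        if kind == "SYN":
            state[(src, dst)] = "SYN"
        elif kind == "SYN-ACK" and state.get((dst, src)) == "SYN":
            state[(dst, src)] = "SYN-ACK"
        elif kind in ("RST", "ACK") and state.get((src, dst)) == "SYN-ACK":
            del state[(src, dst)]
            verdict = "reset-after-synack" if kind == "RST" else "established"
            outcomes.append((ts, verdict))
    # Anything left over stalled at the step recorded in state.
    outcomes += [(None, "stalled-at-" + step) for step in state.values()]
    return outcomes

CAPTURE = """
14:08:25.961578 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: S 1424687828:1424687828(0) win 8760 <mss 1360,nop,nop,sackOK> (DF)
14:08:25.961669 aphrodite.software-aus.com.au.telnet > acc3-ppp425.bur.dialup.connect.net.au.1040: S 3411660871:3411660871(0) ack 1424687829 win 25840 <nop,nop,sackOK,mss 1460> (DF)
14:08:26.214673 acc3-ppp425.bur.dialup.connect.net.au.1040 > aphrodite.software-aus.com.au.telnet: R 1424687829:1424687829(0) win 0
14:09:00.000001 roadwarrior.example.1041 > aphrodite.example.telnet: S 100:100(0) win 8760 (DF)
14:09:00.000090 aphrodite.example.telnet > roadwarrior.example.1041: S 500:500(0) ack 101 win 25840 (DF)
14:09:00.200000 roadwarrior.example.1041 > aphrodite.example.telnet: . ack 1 win 8760 (DF)
"""
```

A `reset-after-synack` verdict on the internal host means its SYN-ACK left the machine but the handshake was torn down from the far side, which is the point at which the host's return route (its default gateway) is worth checking.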