Re: [Users] Need configuration help

From: Ravi Simhambhatla (ravi_at_simhams.com)
Date: Wed Oct 09 2002 - 09:39:27 CEST


Hi John,

I got it to work - basically, my subnet definitions were incorrect.

Cheers,

Ravi

> Can the workstations access the Internet without the VPN, i.e., with
> the gateway functioning as just a NAT/Firewall/Router device? - John
>
> On Sat, 2002-10-05 at 02:26, Ravi Simhambhatla wrote:
> > Hi,
> >
> > I need some help with a road warrior configuration. I have seven Windows
> > clients at home that are used for internet access via a Linux gateway
> > that runs FreeS/WAN and has two NICs, one for the internal network and
> > one for the external network. My internal network is 192.168.1.0/24 and
> > the gateway IP for the internal network is 192.168.1.1 (IP of internal
> > NIC in the gateway). I have the Windows 2000 VPN client installed and
> > working on the Windows boxes. What I am aiming to do is to drop any
> > outgoing traffic from any computer within the internal network until a
> > VPN tunnel is established between an internal node and the FreeS/WAN
> > gateway. Using my configuration (see below), I can ping all nodes within
> > the internal network after I establish a VPN tunnel between the internal
> > node and the gateway. However, I cannot ping any external IP address,
> > e.g. www.google.com - I get a request timed out.
> >
> > Any help/insight/advice would be appreciated!!
> >
> > Cheers,
> >
> > Ravi
> >
> > Network Diagram
> > ---------------
> >
> > Windows Clients (192.168.1.2 - 20)
> > |
> > |
> > Linux gateway
> > |
> > +-------eth1 on Linux Gateway (192.168.1.1)
> > |
> > |
> > +-------eth0 on Linux Gateway (a.b.c.d) ---> to internet
> >
> >
> > FreeS/WAN /etc/ipsec.conf
> > -------------------------
> >
> > config setup
> >     interfaces="ipsec0=eth1"
> >     klipsdebug=none
> >     plutodebug=none
> >     plutoload=%search
> >     plutostart=%search
> >     uniqueids=yes
> >
> > conn %default
> >     keyingtries=1
> >     compress=yes
> >     disablearrivalcheck=no
> >     authby=rsasig
> >     leftrsasigkey=%cert
> >     rightrsasigkey=%cert
> >
> > conn roadwarrior-net
> >     leftsubnet=192.168.1.0/24
> >     also=roadwarrior
> >
> > conn roadwarrior
> >     right=%any
> >     left=192.168.1.4
> >     leftcert=simhams-ap.simhams.com.pem
> >     auto=add
> >     pfs=yes
> >
> >
> > Windows Clients ipsec.conf
> > --------------------------
> >
> > conn roadwarrior
> >     left=%any
> >     right=192.168.1.4
> >     rightca="C=US,ST=CA,L=San Jose,O=simhams,CN=simhams certificate authority,Email=cert_at_simhams.com"
> >     network=auto
> >     auto=start
> >     pfs=yes
> >
> > conn roadwarrior-net
> >     left=%any
> >     right=192.168.1.4
> >     rightsubnet=192.168.1.0/24
> >     rightca="C=US,ST=CA,L=San Jose,O=simhams,CN=simhams certificate authority,Email=cert_at_simhams.com"
> >     network=auto
> >     auto=start
> >     pfs=yes
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
> --
> John A. Sullivan III
> Group Technology Director
> Nexus Management
> +1 207-985-7880
> John.Sullivan_at_nexusmgmt.com
>




This archive was generated by hypermail 2.1.5 : Thu Oct 10 2002 - 05:20:25 CEST