[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

vpn problem..


i'm having some problems implementing a vpn configuration, and i'm
hoping you guys could help me out here. we are hosting a debian sarge
server for one of our customers, and they need to communicate with this
server over the internet securely. to accomplish this, i want to create
a vpn between the debian server and their network. for my test setup,
this is what i did:

on the left side of the vpn (debian sarge server):

- compiled a 2.4.27-8 kernel with the backported KAME IPSec stack and
  crypto modules
- installed freeswan and ipsec-tools
- this server has two NIC's:
    * eth0 is connected to the internet, and has an external IP, let's
    * eth1 is _not_ connected, but i assigned an internal IP to it:
- setup iptables to accept the esp packets and IKE messages (udp/500)
  from the right side (
- configured freeswan for the vpn:
    conn foo-bar

on the right side i set up a simple test network behind a netscreen
appliance ( and configured the vpn.

now, i can start the vpn and it works when i try to connect from right
to left (let's say, from to tcpdump shows me
esp packets, and everything works fine.

now here's the problem: i cannot connect from left to right (i.e., from
the debian server to a machine inside the right network). when i follow
the tcpdump when i nmap a machine in the right network (, i
can see packets going from to so it's not
travelling the vpn and i don't have a clue why. i'm kind of a n00b at
this stuff, so i was amazed i actually got this far. but does anyone
know what i have to do to have a fully functional bidirectional vpn? or
is my setup just, well, plain stupid?? :-) it must be noted that in the
future it is likely that more parties will have to connect to this
server via an extra vpn.

kind regards,
-rodi evers.

Reply to: