i'm having some problems implementing a vpn configuration, and i'm
hoping you guys could help me out here. we are hosting a debian sarge
server for one of our customers, and they need to communicate with this
server over the internet securely. to accomplish this, i want to create
a vpn between the debian server and their network. for my test setup,
this is what i did:
on the left side of the vpn (debian sarge server):
- compiled a 2.4.27-8 kernel with the backported KAME IPSec stack and
- installed freeswan and ipsec-tools
- this server has two NIC's:
* eth0 is connected to the internet, and has an external IP, let's
* eth1 is _not_ connected, but i assigned an internal IP to it:
- setup iptables to accept the esp packets and IKE messages (udp/500)
from the right side (188.8.131.52).
- configured freeswan for the vpn:
on the right side i set up a simple test network behind a netscreen
appliance (184.108.40.206) and configured the vpn.
now, i can start the vpn and it works when i try to connect from right
to left (let's say, from 192.168.1.33 to 172.27.27.1). tcpdump shows me
esp packets, and everything works fine.
now here's the problem: i cannot connect from left to right (i.e., from
the debian server to a machine inside the right network). when i follow
the tcpdump when i nmap a machine in the right network (192.168.1.33), i
can see packets going from 220.127.116.11 to 192.168.1.33. so it's not
travelling the vpn and i don't have a clue why. i'm kind of a n00b at
this stuff, so i was amazed i actually got this far. but does anyone
know what i have to do to have a fully functional bidirectional vpn? or
is my setup just, well, plain stupid?? :-) it must be noted that in the
future it is likely that more parties will have to connect to this
server via an extra vpn.