vpn problem..



hello,

i'm having some problems implementing a vpn configuration, and i'm
hoping you guys could help me out here. we are hosting a debian sarge
server for one of our customers, and they need to communicate with this
server over the internet securely. to accomplish this, i want to create
a vpn between the debian server and their network. for my test setup,
this is what i did:

on the left side of the vpn (debian sarge server):

- compiled a 2.4.27-8 kernel with the backported KAME IPSec stack and
  crypto modules
- installed freeswan and ipsec-tools
- this server has two NICs:
    * eth0 is connected to the internet, and has an external IP, let's
      say 1.2.3.4.
    * eth1 is _not_ connected, but i assigned an internal IP to it:
      172.27.27.1.
- set up iptables to accept the esp packets and IKE messages (udp/500)
  from the right side (9.8.7.6).
- configured freeswan for the vpn:
    --
    conn foo-bar
      left=1.2.3.4
      leftsubnet=172.27.27.0/24
      leftnexthop=1.2.3.1
      right=9.8.7.6
      rightsubnet=192.168.1.0/24
      authby=secret
      auto=start
    --

on the right side i set up a simple test network behind a netscreen
appliance (9.8.7.6) and configured the vpn.

now, i can start the vpn and it works when i try to connect from right
to left (let's say, from 192.168.1.33 to 172.27.27.1). tcpdump shows me
esp packets, and everything works fine.

now here's the problem: i cannot connect from left to right (i.e., from
the debian server to a machine inside the right network). when i follow
the tcpdump when i nmap a machine in the right network (192.168.1.33), i
can see packets going from 1.2.3.4 to 192.168.1.33. so it's not
travelling the vpn and i don't have a clue why. i'm kind of a n00b at
this stuff, so i was amazed i actually got this far. but does anyone
know what i have to do to have a fully functional bidirectional vpn? or
is my setup just, well, plain stupid?? :-) it must be noted that in the
future it is likely that more parties will have to connect to this
server via an extra vpn.

kind regards,
-rodi evers.
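As an added illustration (not part of the original post or of FreeS/WAN), the following script parses the conn section quoted above and checks which flows from the described scenario fall inside its traffic selectors. A flow whose source is the gateway's own external address (1.2.3.4) lies outside leftsubnet, so the IPsec policy does not apply to it, which is consistent with the cleartext packets seen in tcpdump. The flows and the conn text are constructed from the post.

```python
import ipaddress

# The conn section from the post, reproduced here as constructed sample input.
CONN_TEXT = """
conn foo-bar
  left=1.2.3.4
  leftsubnet=172.27.27.0/24
  leftnexthop=1.2.3.1
  right=9.8.7.6
  rightsubnet=192.168.1.0/24
  authby=secret
  auto=start
"""

def parse_conn(text):
    """Parse one ipsec.conf-style 'conn' section into a dict.

    A missing leftsubnet/rightsubnet means the endpoint is only the
    gateway host itself (a /32), which is the FreeS/WAN default.
    """
    conn = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("conn "):
            conn["name"] = line.split(None, 1)[1]
        elif "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    for side in ("left", "right"):
        subnet = conn.get(side + "subnet", conn[side] + "/32")
        conn[side + "_net"] = ipaddress.ip_network(subnet, strict=False)
    return conn

def tunnel_covers(conn, src, dst):
    """True if src->dst matches the conn's selectors in either direction,
    i.e. the IPsec policy would protect this flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in conn["left_net"] and d in conn["right_net"]) or \
           (s in conn["right_net"] and d in conn["left_net"])

def audit_flows(conn, flows):
    """Return the flows that bypass the tunnel and would leave in cleartext."""
    return [(src, dst) for src, dst in flows if not tunnel_covers(conn, src, dst)]

# Constructed flows taken from the scenario in the post.
FLOWS = [
    ("192.168.1.33", "172.27.27.1"),   # right -> left: reported as working
    ("172.27.27.1", "192.168.1.33"),   # left internal address -> right
    ("1.2.3.4", "192.168.1.33"),       # gateway's own external IP -> right
]

if __name__ == "__main__":
    conn = parse_conn(CONN_TEXT)
    for src, dst in audit_flows(conn, FLOWS):
        print("not covered by %s, sent in cleartext: %s -> %s" % (conn["name"], src, dst))
```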
