Re: vpn problem..
-----BEGIN PGP SIGNED MESSAGE-----
R.M. Evers wrote:
| i'm having some problems implementing a vpn configuration, and i'm
| hoping you guys could help me out here. we are hosting a debian sarge
| server for one of our customers, and they need to communicate with this
| server over the internet securely. to accomplish this, i want to create
| a vpn between the debian server and their network. for my test setup,
| this is what i did:
| on the left side of the vpn (debian sarge server):
| - compiled a 2.4.27-8 kernel with the backported KAME IPSec stack and
| crypto modules
| - installed freeswan and ipsec-tools
| - this server has two NIC's:
| * eth0 is connected to the internet, and has an external IP, let's
| say 18.104.22.168.
| * eth1 is _not_ connected, but i assigned an internal IP to it:
| - setup iptables to accept the esp packets and IKE messages (udp/500)
| from the right side (22.214.171.124).
| - configured freeswan for the vpn:
| conn foo-bar
| on the right side i set up a simple test network behind a netscreen
| appliance (126.96.36.199) and configured the vpn.
| now, i can start the vpn and it works when i try to connect from right
| to left (let's say, from 192.168.1.33 to 172.27.27.1). tcpdump shows me
| esp packets, and everything works fine.
Does tcpdump show out-going and returning packets?
| now here's the problem: i cannot connect from left to right (i.e., from
| the debian server to a machine inside the right network). when i follow
| the tcpdump when i nmap a machine in the right network (192.168.1.33), i
| can see packets going from 188.8.131.52 to 192.168.1.33. so it's not
| travelling the vpn and i don't have a clue why. i'm kind of a n00b at
| this stuff, so i was amazed i actually got this far. but does anyone
| know what i have to do to have a fully functional bidirectional vpn? or
| is my setup just, well, plain stupid?? :-) it must be noted that in the
| future it is likely that more parties will have to connect to this
| server via an extra vpn.
Depending on the answer above, if you are not seeing returning packets,
check netstat -rn on the left server and check the routing table shows
the left-side subnet and that they are being routed through the correct
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----