VPN: Strongswan not routing XP client

Craig Chandler craig.chandler at internode.on.net
Thu Jan 27 04:53:30 CST 2005


Jason Tan said :
> 
> Firewall rules - specifically do you have any and if so, do they allow 
> icmp from the gateway to the rest of the 192.168.0.0 network (and back)?
> 

I was under the impression that the VPN would handle the routing of traffic 
to the 192.168.0.0 network through the gateway. So this is not the case?

> Jason
> 
> Craig Chandler wrote:
> 
>> Hi all, I've sent this to the Strongswan user group mailing list but 
>> I'm getting no response so I thought I'd give you guys a shot.
>>
>> I'm trying to configure a VPN tunnel through a Strongswan gateway like 
>> this:-
>>
>>
>>            o|Gateway|o=================o|XP Client
>> 192.168.0.50         192.168.34.1      192.168.34.137
>>          ||
>>          ||
>>          ||
>>          ||
>>          o
>>          -
>>      internal lan
>>      192.168.0.1
>>
>> Currently I can ping 192.168.0.50 from the XP client but not 
>> 192.168.0.1 and I can't work out why...?
>>
>> kernel version 2.6.10
>> Strongswan version 2.3.0
>>
>> ipsec.conf file
>>
>> config setup
>>           interfaces="ipsec0=eth1"
>>
>> # Sample VPN connection
>> conn %default
>>                 authby=rsasig
>>                 # Local security gateway and subnet behind it.
>>                 left=192.168.34.1
>>                 leftsubnet=192.168.0.0/24
>>                 # Certificate of local security gateway
>>                 leftrsasigkey=%cert
>>                 leftcert=shtkicker-cert.pem
>>                 auto=add
>>
>> conn roving
>>                 right=192.168.34.137
>>                 rightrsasigkey=%cert
>>                 rightcert=client-cert.pem
>>                 auto=add
>>
>> Gateway route
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 192.168.34.137  192.168.34.137  255.255.255.255 UGH   0      0        0 eth1
>> 192.168.34.0    *               255.255.255.0   U     0      0        0 eth1
>> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
>> default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
>>
>> XP Client route
>> Active Routes:
>> Network Destination        Netmask          Gateway       Interface  Metric
>>           0.0.0.0          0.0.0.0     192.168.34.1  192.168.34.137       1
>>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>>      192.168.34.0    255.255.255.0   192.168.34.137  192.168.34.137       1
>>    192.168.34.137  255.255.255.255        127.0.0.1       127.0.0.1       1
>>    192.168.34.255  255.255.255.255   192.168.34.137  192.168.34.137       1
>>         224.0.0.0        224.0.0.0   192.168.34.137  192.168.34.137       1
>>   255.255.255.255  255.255.255.255   192.168.34.137  192.168.34.137       1
>> Default Gateway:      192.168.34.1
>> =========================================================================== 
>>
>>
>> regards
> 
> 
> 
> 
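
Added example, not part of the original thread: a longest-prefix-match lookup over the gateway routing table posted above, showing which interface the gateway itself would pick for each leg of the failing ping (192.168.34.137 to 192.168.0.1). It covers the gateway's routing table only, not packet forwarding, the firewall rules asked about above, IPsec policy, or the routes on 192.168.0.1; the function names are hypothetical.

```python
import ipaddress

# Gateway routing table as posted in the thread (wrapped rows re-joined).
GATEWAY_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.34.137  192.168.34.137  255.255.255.255 UGH   0      0        0 eth1
192.168.34.0    *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route` output rows into (network, next_hop, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # not a full table row
        try:
            if f[0] == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            else:
                net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # header row, or anything else that is not a route
        next_hop = None if f[1] == "*" else f[1]  # "*" means on-link
        routes.append((net, next_hop, f[7]))
    return routes

def lookup(routes, addr):
    """Return the most specific route containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def ping_path(routes, src, dst):
    """Egress interfaces the gateway would use for the request and the reply."""
    request, reply = lookup(routes, dst), lookup(routes, src)
    return (request[2] if request else None, reply[2] if reply else None)

if __name__ == "__main__":
    table = parse_routes(GATEWAY_ROUTES)
    # Echo request from the XP client to the internal LAN host, and the reply.
    print(ping_path(table, "192.168.34.137", "192.168.0.1"))
```

A route existing in both directions on the gateway does not mean the packet is forwarded; forwarding and filtering are decided separately from this table.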

