List: strongswan-users
Subject: Re: [strongSwan] Fwd: Problem with virtual IP roadwarrior and
From: "VICTOR MANUEL IGLESIAS PALOMO" <victormanueliglesias () gmail ! com>
Date: 2007-03-25 16:51:17
Message-ID: a7232dd90703250951o34eb547bv3f773bb9d726c8ce () mail ! gmail ! com
It works, this is the result:
root@laptop:/home/victor# ip route list
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.36
10.0.0.0/8 via 192.168.1.1 dev eth0 src 10.x.y.z
default via 192.168.1.1 dev eth0
Thank you very much.
On 3/24/07, Andreas Steffen <andreas.steffen@strongswan.org> wrote:
>
> Have you installed the iproute2 package, which is required for
> installing virtual IP addresses? Try
>
> ip route list
>
> and if it works send me the output and if it doesn't install iproute2
> first.
>
> Regards
>
> Andreas
>
> VICTOR MANUEL IGLESIAS PALOMO wrote:
> > Hello Andreas. I have removed from my /etc/network/interfaces the dummy0 and
> > I obtain this routing table after establishing the ipsec authentication
> > process with the vpn gateway:
> >
> > root@laptop:/home/victor# route -nv
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 10.0.0.0        192.168.1.1     255.0.0.0       UG    0      0        0 eth0
> > 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> >
> > Note: 10.0.0.0/8 is the remote private addressing of my corporate and
> > 192.168.1.0 is the local subnet at home.
> >
> > Do you see something wrong in this routing table? How can I solve it?
> >
> > Thanks.
> >
> >
> > On 3/23/07, Andreas Steffen <andreas.steffen@strongswan.org> wrote:
> >> Hi Victor,
> >>
> >> you don't need a dummy0 interface. Just define
> >>
> >> leftsourceip=10.x.y.z
> >>
> >> and this single IP address automatically becomes an alias
> >> added to your eth0 interface.
> >>
> >> Defining dummy0 as 10.0.0.0/8 is not a sensible thing
> >> to do because your rightsubnet behind the CheckPoint gateway
> >> is also 10.0.0.0/8. How should the routing algorithm know
> >> which network to choose?
> >>
> >> Andreas
> >>
> >>
> >> VICTOR MANUEL IGLESIAS PALOMO wrote:
> >>> Hello, first of all thanks for the great information you post in this
> >>> mailing list.
> >>>
> >>> I want to connect to my corporate checkpoint vpn server from home using
> >>> strongswan as my linux ipsec client. My OS is Guadalinex v4 (based on ubuntu
> >>> 2.6 kernel). I have read in this mailing list about solving the problems
> >>> with virtual IPs assigned by the internet access router by means of
> >>> configuring a static leftsourceip in the ipsec.conf of the client and a
> >>> local dummy interface for routing purposes.
> >>>
> >>> This is my scenario:
> >>>
> >>> ----------------------HOME---------------------                         -------CORPORATE NETWORK-------------
> >>> 192.186.1.35 ----------------- 192.186.1.1 =======INTERNET====a.b.c.d---------------------------- 10.0.0.0/8
> >>> (virtual local IP) (internet access router LAN virtual IP) (VPN server public IP) (private IP corporate subnet)
> >>> 10.x.y.z
> >>> (private corporate IP for roadwarrior assigned to me).
> >>>
> >>> I have done everything I have read about this topic and although my
> >>> authentication process is correct I can see no hosts in my corporate
> >>> network.
> >>>
> >>> Thanks in advance for your help. These are my logs:
> >>>
> >>> root@laptop:/home/victor# route -nv
> >>> Kernel IP routing table
> >>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> >>> 192.186.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> >>> 10.0.0.0        0.0.0.0         255.0.0.0       UG    0      0        0 dummy0
> >>> 0.0.0.0         192.186.1.1     0.0.0.0         UG    0      0        0 eth0
> >>>
> >>> and my ipsec.conf:
> >>>
> >>> # /etc/ipsec.conf - strongSwan IPsec configuration file
> >>>
> >>> # RCSID $Id: ipsec.conf.in,v 1.7 2006/01/31 13:09:10 as Exp $
> >>>
> >>> # Manual: ipsec.conf.5
> >>> # Help: http://www.strongswan.org/docs/readme.htm
> >>>
> >>> version 2.0 # conforms to second version of ipsec.conf specification
> >>>
> >>> # basic configuration
> >>>
> >>> # config setup
> >>> config setup
> >>>     interfaces=%defaultroute
> >>>     klipsdebug=all
> >>>     plutodebug=all
> >>>     uniqueids=yes
> >>>     nocrsend=yes
> >>>     nat_traversal=yes
> >>>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> >>>
> >>> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> >>> # plutodebug=all
> >>> # crlcheckinterval=600
> >>> # strictcrlpolicy=yes
> >>> # cachecrls=yes
> >>> # nat_traversal=yes
> >>>
> >>> # Uncomment to activate Opportunistic Encryption (OE)
> >>> # include /etc/ipsec.d/examples/oe.conf
> >>>
> >>> # Add connections here.
> >>>
> >>> conn miconexion
> >>>     left=%defaultroute
> >>>     leftcert=victorcer.pem
> >>>     leftsourceip=10.x.y.z
> >>>     right=a.b.c.d
> >>>     rightsubnet=10.0.0.0/8
> >>>     auto=add
>
> ======================================================================
> Andreas Steffen andreas.steffen@strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute of Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
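
The three routing states discussed in this thread can be told apart mechanically from `ip route list` output. The following is an added example, not part of the original messages or of strongSwan: it assumes the key/value route format shown above, uses 10.1.2.3 as a constructed stand-in for the elided 10.x.y.z, and the `dummy0` line is a constructed `ip route` rendering of the first routing table.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip route list` lines of the form '<prefix> key value key value ...'."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        attrs = dict(zip(tok[1::2], tok[2::2]))  # via/dev/proto/scope/src pairs
        attrs["net"] = ipaddress.ip_network(dest, strict=False)
        routes.append(attrs)
    return routes

def check_virtual_ip(route_text, leftsourceip, rightsubnet):
    """Return a list of problems with the routes that overlap rightsubnet."""
    remote = ipaddress.ip_network(rightsubnet)
    problems = []
    covering = [r for r in parse_routes(route_text)
                if r["net"].prefixlen > 0 and r["net"].overlaps(remote)]
    if not covering:
        problems.append("no specific route to %s" % rightsubnet)
    for r in covering:
        # Assumption: as in this thread, the gateway is reached through a next hop,
        # so a directly connected route for the remote subnet is a conflict.
        if "via" not in r:
            problems.append("%s is directly connected on %s and shadows %s"
                            % (r["net"], r["dev"], rightsubnet))
        if r.get("src") != leftsourceip:
            problems.append("%s has no src %s (virtual IP not installed)"
                            % (r["net"], leftsourceip))
    return problems

# Constructed samples modelled on the three states in the thread.
WORKING = """192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.36
10.0.0.0/8 via 192.168.1.1 dev eth0 src 10.1.2.3
default via 192.168.1.1 dev eth0"""
NO_SRC = """192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.36
10.0.0.0/8 via 192.168.1.1 dev eth0
default via 192.168.1.1 dev eth0"""
DUMMY = """192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.36
10.0.0.0/8 dev dummy0 proto kernel scope link src 10.1.2.3
default via 192.168.1.1 dev eth0"""

if __name__ == "__main__":
    for name, table in (("working", WORKING), ("no src", NO_SRC), ("dummy0", DUMMY)):
        print(name, check_virtual_ip(table, "10.1.2.3", "10.0.0.0/8") or "OK")
```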