Frees/wan setup problems
Cole Tuininga
colet at code-energy.com
Wed Feb 26 09:08:51 EST 2003

Ok - here's the situation.  I'm looking at doing some work from home, so I
want to VPN my home network with my lab network at work.  Here's the
setup:

Both networks are basically the same in setup.  They look like:

linux workstations <--> linux masqing box <--> internet

On the home network, I use an internal class C network: 192.168.2.0/24
and at work we use 192.168.1.0/24.

My ipsec.conf on each side looks like the following:

config setup
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes
conn %default
    keyingtries=0
    disablearrivalcheck=yes
    authby=rsasig
conn panam-cole
    left = 63.127.199.26
    leftsubnet = 192.168.2.0/24
    leftnexthop = 63.127.199.25
    leftrsasigkey = 0sAQNkta3 [snipped for brevity]
    right = 209.187.117.100
    rightsubnet = 192.168.1.0/24
    rightnexthop = 209.187.117.65
    rightrsasigkey=0sAQPBb4 [snipped for brevity]
    auto = start

One thing I should mention is that the kernel patches I'm using are for
freeswan 1.96 and freeswan itself is 1.99.  Before anybody jumps on me
TOO much about that, I'll say this.  It was working.  8)

Both machines that are VPNs are also NATing for their internal
networks.  I'm making sure that it is not NATing for the private
networks by adding a -d ! 192.168.0.0/16 into the nat rule.  I'm using
kernel 2.4.18 with iptables.

Like I said before, it's rather peculiar because it *was* working.  I
had to finish assembling the box here at Pan Am so I took it down.  When
it came back up, the logs claim that the ipsec connection is active, and
if I turn on klipsdebug to all I can see that "something is happening",
but my pings and ssh's don't make it through.

Any thoughts on what could be wrong?  Or even what to do as a next
diagnostic step?

-- 
"... one of the main causes of the fall of the Roman Empire was that,
 lacking zero, they had no way to indicate successful termination of
 their C programs."  --  Robert Firth
Cole Tuininga
Lead Developer
Code Energy, Inc
colet at code-energy.com
PGP Key ID: 0x43E5755D
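
Added example, not part of the original post: a small check that the tunnel subnets of a conn section are excluded from a gateway's MASQUERADE rules, which is the interaction between NAT and the IPsec tunnel that the post describes. The full iptables rule text is constructed around the "-d ! 192.168.0.0/16" fragment quoted in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed inputs: the conn section reuses the post's addresses; the NAT
# rule is an assumed full form of the "-d ! 192.168.0.0/16" fragment.
CONN = """\
conn panam-cole
    left = 63.127.199.26
    leftsubnet = 192.168.2.0/24
    right = 209.187.117.100
    rightsubnet = 192.168.1.0/24
"""
NAT_RULES = ["-A POSTROUTING -o eth1 -d ! 192.168.0.0/16 -j MASQUERADE"]


def parse_conn(text):
    """Return the indented key=value parameters of one conn section."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\w+)\s*=\s*(\S+)", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def masq_applies(rule, dst_net):
    """True if a MASQUERADE rule can still match traffic sent to dst_net."""
    if "-j MASQUERADE" not in rule:
        return False
    # Accept both "-d ! net" (2.4-era) and "! -d net" negation styles.
    m = re.search(r"(!\s+)?-d\s+(!\s+)?(\S+)", rule)
    if not m:
        return True  # no destination match: every destination is NATed
    net = ipaddress.ip_network(m.group(3), strict=False)
    if m.group(1) or m.group(2):
        # Negated match: only destinations outside `net` are masqueraded.
        return not dst_net.subnet_of(net)
    return dst_net.overlaps(net)


def tunnel_nat_conflicts(conn_text, rules):
    """List (subnet, rule) pairs where tunnel traffic would be masqueraded."""
    conn = parse_conn(conn_text)
    subnets = [ipaddress.ip_network(conn[k]) for k in ("leftsubnet", "rightsubnet")]
    return [(str(s), r) for s in subnets for r in rules if masq_applies(r, s)]


if __name__ == "__main__":
    print(tunnel_nat_conflicts(CONN, NAT_RULES) or "tunnel subnets are exempt from NAT")
```

An empty result means both tunnel subnets fall inside the exempted range; any returned pair names a subnet whose traffic the rule would rewrite before it reaches the tunnel.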

More information about the gnhlug-discuss mailing list