Firewall Wizards mailing list archives
VPN
From: Sandra Hernandez Marsa <shernan () ac upc es>
Date: Fri, 02 Feb 2001 18:07:11 +0100
Hi all,
We're deploying a VPN in order to interconnect two sites of a given company using Linux, IPChains and FreeSwan. Currently both sites are using private 192.168.7.0/25 IPs.
The layout is as follows:
(Site A 192.168.7.0/25)<--->GW1----(Internet)----GW2<----->(Site B 192.168.7.128/25)
We have the following questions:
A) Since IPs at both subnets are private, do we need to use Masquerading at GW1 and GW2 in order to route packets through the VPN, or does IPSec encapsulation provide for this already?
B) We have been sniffing the packets sent from GW1 to GW2 through the ipsec0 interface and we've seen that the destination IP is a private IP from Site B! How can this be? If that's going on to the Internet it won't get routed... or could it be that tcpdump is interpreting IPSec?
C) We have read that compiling IPSec with debug options turned on causes problems. Is it true?
So once these doubts are answered, what we've got right now is the following:
*Forwarding is Active on GW1 and GW2
*Masquerading is active on GW1 and GW2
When we try to set up the VPN connection we stumble upon the following error:
110 "connection1" #11: STATE_QUICK_I1: initiate
003 "connection1" #11: up-client command exited with status 1
032 "connection1" #11: STATE_QUICK_I1: internal error
003 "connection1" #11: up-client command exited with status 1
032 "connection1" #11: STATE_QUICK_I1: internal error
010 "connection1" #11: STATE_QUICK_I1: retransmission; will wait 20s for response
Any hint of what could be happening???
This is urgent, any help will be appreciated.
The complete configuration can be found below, thank you very much in advance.
Matías Bevilacqua
CONFIGURATION
____________________________________________________________________________
GW1 configuration
ifconfig:
eth0      Link encap:Ethernet HWaddr 00:01:02:AD:2A:8A
          inet addr:192.168.7.91 Bcast:192.168.7.255 Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:433754 errors:3 dropped:0 overruns:0 frame:3
          TX packets:7434 errors:0 dropped:0 overruns:0 carrier:62
          collisions:6 txqueuelen:100
          Interrupt:11 Base address:0xe400
eth1      Link encap:Ethernet HWaddr 00:01:02:1B:6F:0D
          inet addr:111.111.111.129 Bcast:111.111.111.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2516616 errors:3 dropped:0 overruns:0 frame:3
          TX packets:105996 errors:0 dropped:0 overruns:0 carrier:0
          collisions:3601 txqueuelen:100
          Interrupt:10 Base address:0xe800
ipsec0    Link encap:Ethernet HWaddr 00:01:02:1B:6F:0D
          inet addr:111.111.111.129 Mask:255.255.255.0
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:232 errors:0 dropped:18780 overruns:0 carrier:0
          collisions:0 txqueuelen:10
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:197 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
Routing:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.7.91    0.0.0.0         255.255.255.255 UH    0      0   0   eth0
192.168.7.0     0.0.0.0         255.255.255.128 U     0      0   0   eth0
192.168.7.128   111.111.111.1   255.255.255.128 UG    0      0   0   ipsec0
111.111.111.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
111.111.111.0   0.0.0.0         255.255.255.0   U     0      0   0   ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         111.111.111.1   0.0.0.0         UG    0      0   0   eth1
____________________________________________________________________________
GW2 Configuration
ifconfig:
eth0      Link encap:Ethernet HWaddr 00:01:02:A8:CB:65
          inet addr:112.111.111.254 Bcast:112.111.111.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:21757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19557 errors:0 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xe400
eth1      Link encap:Ethernet HWaddr 00:50:04:49:18:2F
          inet addr:192.168.7.254 Bcast:192.168.7.255 Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:35548 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36875 errors:0 dropped:0 overruns:0 carrier:0
          collisions:415 txqueuelen:100
          Interrupt:5 Base address:0xe800
ipsec0    Link encap:Ethernet HWaddr 00:01:02:A8:CB:65
          inet addr:112.111.111.254 Mask:255.255.255.0
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
Routing:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.7.254   0.0.0.0         255.255.255.255 UH    0      0   0   eth1
112.111.111.254 0.0.0.0         255.255.255.255 UH    0      0   0   eth0
192.168.7.128   0.0.0.0         255.255.255.128 U     0      0   0   eth1
112.111.111.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
112.111.111.0   0.0.0.0         255.255.255.0   U     0      0   0   ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         112.111.111.253 0.0.0.0         UG    0      0   0   eth0
____________________________________________________________________________
("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
(il),-'' (li),' ((!.-'
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
