Firewall Wizards mailing list archives
VPN
From: Sandra Hernandez Marsa <shernan () ac upc es>
Date: Fri, 02 Feb 2001 18:07:11 +0100
Hi all,

We're deploying a VPN in order to interconnect two sites of a given company using Linux, IPChains and FreeSwan. Currently both sites are using private 192.168.7.0/25 IPs. The layout is as follows:

(Site A 192.168.7.0/25)<--->GW1----(Internet)----GW2<----->(Site B 192.168.7.128/25)

We have the following questions:

A) Since IPs at both subnets are private, do we need to use Masquerading at GW1 and GW2 in order to route packets through the VPN, or does IPSec encapsulation provide for this already?

B) We have been sniffing the packets sent from GW1 to GW2 through the ipsec0 interface and we've seen that the destination IP is a private IP from Site B! How can this be? If that's going on to the Internet it won't get routed... or could it be that tcpdump is interpreting IPSec?

C) We have read that compiling IPSec with debug options turned on causes problems; is it true?

So once these doubts are answered, what we've got right now is the following:

* Forwarding is Active on GW1 and GW2
* Masquerading is active on GW1 and GW2

When we try to set up the VPN connection we stumble upon the following error:

110 "connection1" #11: STATE_QUICK_I1: initiate
003 "connection1" #11: up-client command exited with status 1
032 "connection1" #11: STATE_QUICK_I1: internal error
003 "connection1" #11: up-client command exited with status 1
032 "connection1" #11: STATE_QUICK_I1: internal error
010 "connection1" #11: STATE_QUICK_I1: retransmission; will wait 20s for response

Any hint of what could be happening???

This is urgent, any help will be appreciated. The complete configuration can be found below, thank you very much in advance.
Matías Bevilacqua

CONFIGURATION
________________________________________________________________________________

GW1 configuration

ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:01:02:AD:2A:8A
          inet addr:192.168.7.91  Bcast:192.168.7.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:433754 errors:3 dropped:0 overruns:0 frame:3
          TX packets:7434 errors:0 dropped:0 overruns:0 carrier:62
          collisions:6 txqueuelen:100
          Interrupt:11 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:01:02:1B:6F:0D
          inet addr:111.111.111.129  Bcast:111.111.111.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2516616 errors:3 dropped:0 overruns:0 frame:3
          TX packets:105996 errors:0 dropped:0 overruns:0 carrier:0
          collisions:3601 txqueuelen:100
          Interrupt:10 Base address:0xe800

ipsec0    Link encap:Ethernet  HWaddr 00:01:02:1B:6F:0D
          inet addr:111.111.111.129  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:232 errors:0 dropped:18780 overruns:0 carrier:0
          collisions:0 txqueuelen:10

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:197 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Routing:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.91    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.7.0     0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.168.7.128   111.111.111.1   255.255.255.128 UG    0      0        0 ipsec0
111.111.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
111.111.111.0   0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         111.111.111.1   0.0.0.0         UG    0      0        0 eth1

________________________________________________________________________________

GW2 Configuration

ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:01:02:A8:CB:65
          inet addr:112.111.111.254  Bcast:112.111.111.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19557 errors:0 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:50:04:49:18:2F
          inet addr:192.168.7.254  Bcast:192.168.7.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35548 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36875 errors:0 dropped:0 overruns:0 carrier:0
          collisions:415 txqueuelen:100
          Interrupt:5 Base address:0xe800

ipsec0    Link encap:Ethernet  HWaddr 00:01:02:A8:CB:65
          inet addr:112.111.111.254  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Routing:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.254   0.0.0.0         255.255.255.255 UH    0      0        0 eth1
112.111.111.254 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.7.128   0.0.0.0         255.255.255.128 U     0      0        0 eth1
112.111.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
112.111.111.0   0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         112.111.111.253 0.0.0.0         UG    0      0        0 eth0

________________________________________________________________________________

        ("`-''-/").___..--''"`-._
         `6_ 6  )   `-.  (     ).`-.__.`)
         (_Y_.)'  ._   )  `._ `. ``-..-'
       _..`--'_..-_/  /--'_.' ,'
      (il),-''  (li),'  ((!.-'

"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!"

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards