[Cialug] IPSec VPN not passing traffic

Jonathan C. Bailey jbailey at co.marshall.ia.us
Tue Sep 7 12:24:41 CDT 2010


Hello,

I'm trying to set up a "roadwarrior" type VPN for some Sun Rays we have that can natively do IPSec (no L2TP needed). I found an example (http://www.tjhsst.edu/admin/livedoc/index.php/IPSec_VPN) and went off of that. I'm using a Windows PC with the Shrew Soft VPN client for testing.

While I can connect and authenticate fine, it seems that I'm unable to pass traffic. When running tcpdump on the IPSec server, I'm seeing the plaintext traffic on eth0, but it never passes to the network.

Since this is my first (and probably only) foray into IPSec, I'm a bit stumped. It's probably something quite easy, too. Has anyone else had an issue like this?

BTW, my racoon.conf (if it helps):

path certificate "/etc/ssl/certs";
path pre_shared_key "/etc/racoon/psk.txt";

# Phase 1: accept IKE from any peer address (road warriors have dynamic IPs).
remote anonymous {
	# Aggressive mode is what makes PSK usable with unknown peer addresses,
	# but it sends the PSK-derived hash unprotected, so the PSK is exposed
	# to offline guessing by anyone who can capture the exchange.
	exchange_mode aggressive;
	passive on;                 # responder only, never initiate
	generate_policy on;         # install SPD entries matching what the client proposes
	proposal_check obey;        # accept the client's lifetime and PFS settings
	nat_traversal force;        # always UDP-encapsulate ESP, even without NAT
	ike_frag on;                # fragment large IKE messages (mode_cfg, XAuth)
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha1;
		authentication_method xauth_psk_server;   # PSK plus XAuth user/password
		dh_group 2;
	}
}

# Phase 2: IPsec SA parameters offered to every client.
sainfo anonymous {
	encryption_algorithm aes;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}

# ISAKMP mode-config: address pool and settings pushed to the client.
mode_cfg {
	network4 192.168.22.2;      # first address handed out
	pool_size 200;              # 192.168.22.2 through 192.168.22.201
	netmask4 255.255.255.0;
	dns4 x.y.10.17;
	default_domain "domain.com";
	# Split tunnel: only these destinations are routed through the VPN.
	split_network include x.y.10.17/32;
	split_network include x.y.28.2/32;
	split_network include x.y.28.3/32;
	split_network include x.y.28.4/32;
	split_network include 192.168.22.0/24;
	auth_source pam;            # XAuth credentials are checked via PAM
	banner "/etc/racoon/motd";
}



-Jon
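The symptom above (decrypted packets visible on eth0 but never forwarded) is usually at the routing or firewall layer rather than in IKE. The following is an added example, not code from the original post or from ipsec-tools: a small checker that runs the three questions a gateway admin asks first against the output of `sysctl net.ipv4.ip_forward`, `setkey -DP` and `iptables -S FORWARD`. The command outputs embedded below are constructed samples in those tools' formats, and the pool 192.168.22.0/24 is taken from the racoon.conf above; on a real gateway you would feed in the live output instead.

```python
import ipaddress
import re

# The mode_cfg pool handed to road-warrior clients in the racoon.conf above.
POOL = ipaddress.ip_network("192.168.22.0/24")


def ip_forward_enabled(sysctl_out):
    """True when `sysctl net.ipv4.ip_forward` reports 1."""
    m = re.search(r"net\.ipv4\.ip_forward\s*=\s*(\d)", sysctl_out)
    return bool(m) and m.group(1) == "1"


def parse_spd(setkey_out):
    """Parse `setkey -DP` output into (src, dst, direction, action) tuples.
    An entry is a selector line 'src[port] dst[port] proto' followed by an
    indented 'in ipsec' / 'out ipsec' line; esp/tunnel, created:, lifetime:
    and spid= lines are ignored."""
    entries, selector = [], None
    for line in setkey_out.splitlines():
        head = re.match(r"^(\S+)\[[^\]]*\]\s+(\S+)\[[^\]]*\]\s+\S+\s*$", line)
        if head:
            selector = (head.group(1), head.group(2))
            continue
        dirn = re.match(r"^\s+(in|out)\s+(ipsec|discard|none)\b", line)
        if dirn and selector:
            entries.append(selector + (dirn.group(1), dirn.group(2)))
            selector = None
    return entries


def spd_covers_pool(entries):
    """Return (has_in, has_out): an 'in ipsec' policy from the pool decrypts
    client traffic; an 'out ipsec' policy back to the pool encapsulates the
    replies. Missing the 'out' half gives one-way traffic."""
    has_in = has_out = False
    for src, dst, direction, action in entries:
        if action != "ipsec":
            continue
        src_net = ipaddress.ip_network(src, strict=False)
        dst_net = ipaddress.ip_network(dst, strict=False)
        if src_net.version != 4 or dst_net.version != 4:
            continue
        if direction == "in" and src_net.overlaps(POOL):
            has_in = True
        if direction == "out" and dst_net.overlaps(POOL):
            has_out = True
    return has_in, has_out


def forward_chain_accepts_pool(iptables_out):
    """True when `iptables -S FORWARD` shows pool traffic can be forwarded:
    default policy ACCEPT, or an ACCEPT rule whose -s (if any) covers the pool."""
    for line in iptables_out.splitlines():
        if line.startswith("-P FORWARD ACCEPT"):
            return True
        if line.startswith("-A FORWARD") and "-j ACCEPT" in line:
            m = re.search(r"-s\s+(\S+)", line)
            if not m or ipaddress.ip_network(m.group(1), strict=False).overlaps(POOL):
                return True
    return False


def diagnose(sysctl_out, setkey_out, iptables_out):
    """Run all checks; an empty list means nothing obvious is wrong here."""
    problems = []
    if not ip_forward_enabled(sysctl_out):
        problems.append("net.ipv4.ip_forward is 0: decrypted packets not "
                        "addressed to the gateway itself are dropped, not routed")
    has_in, has_out = spd_covers_pool(parse_spd(setkey_out))
    if not has_in:
        problems.append("no 'in ipsec' SPD entry for the client pool")
    if not has_out:
        problems.append("no 'out ipsec' SPD entry back to the client pool")
    if not forward_chain_accepts_pool(iptables_out):
        problems.append("FORWARD chain does not accept traffic from the pool")
    return problems


# Constructed sample outputs (not captured from the poster's gateway).
SYSCTL_BROKEN = "net.ipv4.ip_forward = 0\n"
SYSCTL_OK = "net.ipv4.ip_forward = 1\n"
SPD_SAMPLE = """\
192.168.22.2[any] 0.0.0.0/0[any] any
    in ipsec
    esp/tunnel/203.0.113.45-198.51.100.7/require
    created: Sep  7 12:10:03 2010  lastused: Sep  7 12:11:40 2010
    lifetime: 0(s) validtime: 0(s)
    spid=18 seq=1 pid=2210
    refcnt=1
0.0.0.0/0[any] 192.168.22.2[any] any
    out ipsec
    esp/tunnel/198.51.100.7-203.0.113.45/require
    created: Sep  7 12:10:03 2010  lastused: Sep  7 12:11:40 2010
    lifetime: 0(s) validtime: 0(s)
    spid=17 seq=0 pid=2210
    refcnt=1
"""
FORWARD_BROKEN = "-P FORWARD DROP\n-A FORWARD -s 10.0.0.0/8 -j ACCEPT\n"
FORWARD_OK = ("-P FORWARD DROP\n-A FORWARD -s 192.168.22.0/24 -j ACCEPT\n"
              "-A FORWARD -d 192.168.22.0/24 -j ACCEPT\n")

if __name__ == "__main__":
    for label, args in (("broken", (SYSCTL_BROKEN, SPD_SAMPLE, FORWARD_BROKEN)),
                        ("fixed", (SYSCTL_OK, SPD_SAMPLE, FORWARD_OK))):
        print(label, diagnose(*args) or ["no forwarding problem found"])
```

The SPD check matters because `generate_policy on` only installs policies for what the client proposes; if the client proposes a single /32 to 0.0.0.0/0 while your LAN hosts have no route back to 192.168.22.0/24, replies never reach the gateway to be encapsulated, which the first two checks will not catch. Adding a route for the pool on the LAN router (or SNAT on the gateway) is the usual fix for that case.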

