[Cialug] IPSec Routing & Evil NETKEY
Jonathan C. Bailey
jbailey at co.marshall.ia.us
Sat Nov 20 21:10:57 CST 2010
Hello,
I'm still having problems with a pure IPSec setup I mentioned previously.. Everything seems to come up fine (phase 1/2), but packets go nowhere.. Here's my new setup and an example:
* VPN server has 2 interfaces: eth0 with $INTERNAL_IP, and eth1 with $EXTERNAL_IP
* I'm assigning an IP to the client with mode_cfg in the 192.168.101.0/24 subnet
* My goal is to ping $TEST_HOST which is on the same subnet as $INTERNAL_IP of the VPN server.
What I see, however, is the following (on eth1 - there is no corresponding traffic on eth0):
$CLIENT_PUBLIC_IP -> $EXTERNAL_IP ESP ESP (SPI=0x0454ba6b)
192.168.101.2 -> $TEST_HOST ICMP Echo (ping) request
...etc...
Based on the captures I have, it seems that the traffic is being successfully decrypted on eth1, but then it just goes "nowhere". I can't seem to find *anything* that would indicate how to move this decrypted traffic out the correct interface, or do anything else with it..
Anyone have some thoughts on this? About to go bald from pulling my hair out...
-Jon