[Cialug] IPSec VPN not passing traffic
Nathan C. Smith
nathan.smith at ipmvs.com
Tue Sep 7 12:29:16 CDT 2010
You may have the connection set up but no rules for forwarding traffic or routes set?
-Nate
-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Jonathan C. Bailey
Sent: Tuesday, September 07, 2010 12:25 PM
To: cialug at cialug.org
Subject: [Cialug] IPSec VPN not passing traffic
Hello,
I'm trying to set up a "roadwarrior" type VPN for some Sun Rays we have that can natively do IPSec (no L2TP needed). I found an example (http://www.tjhsst.edu/admin/livedoc/index.php/IPSec_VPN) and went off of that. I'm using a Windows PC with the Shrew Soft VPN client for testing.
While I can connect and authenticate fine, it seems that I'm unable to pass traffic. When running tcpdump on the IPSec server, I'm seeing the plaintext traffic on eth0, but it never passes to the network.
Since this is my first (and probably only) foray into IPSec, I'm a bit stumped. It's probably something quite easy, too. Has anyone else had an issue like this?
BTW, my racoon.conf (if it helps):
path certificate "/etc/ssl/certs";
path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous {
    exchange_mode aggressive;
    passive on;
    generate_policy on;
    proposal_check obey;
    nat_traversal force;
    ike_frag on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

mode_cfg {
    network4 192.168.22.2;
    pool_size 200;
    netmask4 255.255.255.0;
    dns4 x.y.10.17;
    default_domain "domain.com";
    split_network include x.y.10.17/32;
    split_network include x.y.28.2/32;
    split_network include x.y.28.3/32;
    split_network include x.y.28.4/32;
    split_network include 192.168.22.0/24;
    auth_source pam;
    banner "/etc/racoon/motd";
}
-Jon
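An added example, written for this thread and not code from either poster, that turns Nate's question into a check: it reads the client pool and split networks out of the mode_cfg block above and reports the things that would leave decrypted client packets sitting on the server (forwarding disabled, no FORWARD rule, no route for the pool). The 10.0.x.y addresses stand in for the masked "x.y" octets, and the iptables and ip route lines are constructed samples.

```python
import ipaddress
import re
# Constructed excerpt of the post's mode_cfg block; 10.0.x.y stands in for the
# "x.y" octets the original masks out.
RACOON_CONF = """mode_cfg {
    network4 192.168.22.2;
    netmask4 255.255.255.0;
    split_network include 10.0.10.17/32;
    split_network include 10.0.28.2/32;
    split_network include 192.168.22.0/24;
}"""
# Matches `iptables -S FORWARD` rules of the plain -s/-d/-j form.
RULE_RE = re.compile(r"-A FORWARD(?: -s (\S+))?(?: -d (\S+))? -j (\w+)$")

def parse_mode_cfg(conf):
    """Return (client address pool, networks the clients will send through us)."""
    body = re.search(r"mode_cfg\s*\{(.*?)\}", conf, re.S).group(1)
    addr = re.search(r"network4\s+(\S+);", body).group(1)
    mask = re.search(r"netmask4\s+(\S+);", body).group(1)
    pool = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    splits = [ipaddress.ip_network(n)
              for n in re.findall(r"split_network\s+include\s+(\S+);", body)]
    return pool, splits

def audit(pool, splits, ip_forward, iptables_s, ip_route):
    """Report what would leave decrypted client packets stuck on the server, given
    net.ipv4.ip_forward, `iptables -S FORWARD` lines and `ip route` lines."""
    findings, policy, accepts = [], "ACCEPT", []
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward=0: kernel will not forward decrypted packets")
    for line in iptables_s:
        if line.startswith("-P FORWARD "):
            policy = line.split()[-1]
        elif (m := RULE_RE.match(line)) and m.group(3) == "ACCEPT":
            accepts.append(tuple(ipaddress.ip_network(g or "0.0.0.0/0") for g in m.groups()[:2]))
    for net in splits:  # the pool itself is client-to-client traffic, skipped here
        if net != pool and policy != "ACCEPT" and not any(
                pool.subnet_of(s) and net.subnet_of(d) for s, d in accepts):
            findings.append(f"FORWARD (policy {policy}) has no ACCEPT for {pool} -> {net}")
    # Replies need a route on the server (default will do); LAN hosts also need a return route to the pool.
    routed = [ipaddress.ip_network("0.0.0.0/0" if l.startswith("default") else l.split()[0])
              for l in ip_route]
    if not any(pool.subnet_of(r) for r in routed):
        findings.append(f"no route on the server covers the client pool {pool}")
    return findings

def demo():  # constructed server state: forwarding off, DROP policy, one ACCEPT rule
    pool, splits = parse_mode_cfg(RACOON_CONF)
    return audit(pool, splits, "0",
                 ["-P FORWARD DROP", "-A FORWARD -s 192.168.22.0/24 -d 10.0.10.17/32 -j ACCEPT"],
                 ["default via 10.0.0.1 dev eth0", "10.0.0.0/24 dev eth0 proto kernel scope link"])
```

On a real server the three inputs come from `sysctl -n net.ipv4.ip_forward`, `iptables -S FORWARD` and `ip route`; the tcpdump symptom in the post (plaintext visible on eth0, nothing leaving) is what the first two findings look like from the wire.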