VPN SuSE 7.0 Routing
Jon Carnes
jonc at HAHT.COM
Thu Apr 5 18:20:22 EDT 2001
Yes!
Using your diagram above as the true setup, then your routes are
definitely screwed up. On the Slave (Net 1):
- 192.168.2.0 should be a local address (not via the PPP)
- 192.168.1.0 is not local, but should point to the PPP link
On the Master (Net2):
- 192.168.1.0 should be a local address (not via the PPP)
- 192.168.2.0 is not local, but should point to the PPP link
So now I think, your picture must be wrong! So if you are plugging in
values and using the picture to put those in place, then you might have a
problem there!
===
Assuming all is right and the picture is wrong and you did put in the right
values for all your scripts that you are running, then the most common
problem is not putting your routes on your primary internal routers.
Look at the primary internal router for network 1 and make sure that it has
a route pointing to network 2. The route should use your local end of the
VPN as the gateway.
The same goes for the internal router for network 2.
===
The next most common problem is that you have not opened the routes on your
firewalls. Assuming you are running firewalls on each of the VPN endpoints,
check to make sure that you have opened up the networks for bi-directional
flow of TCP and UDP (and anything else you want to pass).
Good Luck - Jon Carnes
----- Original Message -----
From: "Uwe Scheffold" <Uwe.Scheffold at WAELISCHMILLER.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Wednesday, April 04, 2001 12:23 PM
Subject: VPN SuSE 7.0 Routing
> Hi out there,
>
> I try to install a VPN with Linux (SuSE 7.0) Computers.
>
> Here is the network situation:
>
> Net 1      eth0  slave  eth1   internet   eth1  master  eth0  Net 2
> ==========| SuSE 7.0 |--------->|~~~|<---------| SuSE 7.0 |============
> 192.168.2.0    I     217.89.33.11    217.6.96.3     II     192.168.1.0
>
> I use the ssh pppd, system described in miniVPN howto.
>
> The connection between the two computers works fine, but after setup of
> routes, I can only ping from Computer I (net 2) to computer II (net 1). It
> is not possible to ping from II to I and not into the network 1 and 2. What
> went wrong?
>
> Here are the routing tables. Is anybody able to see what is wrong here?
>
> Slave
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 192.168.101.2   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
> 217.89.33.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
> 192.168.2.0     192.168.101.2   255.255.255.0   UG    0      0   0   ppp0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
> 0.0.0.0         217.89.33.9     0.0.0.0         UG    0      0   0   eth1
>
> Master
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 192.168.101.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
> 217.6.96.0      0.0.0.0         255.255.255.248 U     0      0   0   eth1
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
> 192.168.1.0     192.168.101.1   255.255.255.0   UG    0      0   0   ppp0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
> 0.0.0.0         217.6.96.1      0.0.0.0         UG    0      0   0   eth1
>
>
> Is there a better VPN solution for this network (FreeSwan etc.)?
>
> Best Regards: Uwe Scheffold
>
> VPN is sponsored by SecurityFocus.COM
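
A check of the two posted tables against the diagram, added here as an example that is not part of the original thread: it parses the `route -n` rows from the quoted message and reports any LAN that the diagram places locally but the table sends through the PPP link, or the reverse. The function names are hypothetical, and the /24 prefixes are taken from the posted Genmask column.

```python
import ipaddress

# `route -n` rows copied from the quoted message, wrapped Iface column rejoined.
SLAVE = """\
192.168.101.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
217.89.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 192.168.101.2 255.255.255.0 UG 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 217.89.33.9 0.0.0.0 UG 0 0 0 eth1
"""
MASTER = """\
192.168.101.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
217.6.96.0 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 192.168.101.1 255.255.255.0 UG 0 0 0 ppp0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 217.6.96.1 0.0.0.0 UG 0 0 0 eth1
"""

def parse_routes(text):
    """Return (network, gateway, flags, iface) for each 8-column route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8:
            continue  # blank or wrapped line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[2]}")
        except ValueError:
            continue  # the "Destination ... Iface" header row
        routes.append((net, cols[1], cols[3], cols[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def check(table, local_lan, remote_lan, tunnel="ppp"):
    """Compare a table with the diagram: local LAN on-link, remote LAN via the tunnel."""
    routes, problems = parse_routes(table), []
    for lan, want_tunnel in ((local_lan, False), (remote_lan, True)):
        route = lookup(routes, ipaddress.ip_network(lan)[1])  # first host in the LAN
        if route is None or route[3].startswith(tunnel) != want_tunnel:
            iface = route[3] if route else "no route"
            problems.append(f"{lan}: expected {'tunnel' if want_tunnel else 'on-link'}, got {iface}")
    return problems

if __name__ == "__main__":
    # Diagram as drawn: slave sits on 192.168.2.0, master on 192.168.1.0.
    print(check(SLAVE, "192.168.2.0/24", "192.168.1.0/24"))
    print(check(MASTER, "192.168.1.0/24", "192.168.2.0/24"))
```

Swapping the two LAN arguments for each host returns an empty list, which is the "picture must be wrong" case described in the reply.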