[ale] strange VPN behaviour
James P. Kinney III
jkinney at localnetsolutions.com
Wed Feb 15 23:07:31 EST 2006
I've got a VPN joining two SOHO nets. Both gateways are Linux with
openswan and native kernel klips.

From LAN A I can "see" LAN B (ping, vnc, no M$ browsing, though) but
from LAN B I can't see LAN A. No ping, nothing. (No jokes about
blackholes, one way worm holes, etc. I HAVE to use M$ on the LANs. It's
not MY choice :)

The routes are generated on both tunnel ends although both ends do a
strange "add an extra default route" and a route I don't recognize
(IPv6?) 128.0.0.0 -> default ??

So I do the tcpdump test (Ping from LAN B to a LAN A system) and I can
see the ESP packets hitting LAN A external NIC but the decoded packets
never hit the inside interface.

When I reverse all of this (ping from A to B and watch LAN B) I see what
I should see, ESP on the outside, decrypted on the inside, replies from
the inside followed by encrypted leaving on the outside.

Arrgghhhhhhh!

--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7