Security Basics mailing list archives
RE: Please help, something's wrong with routing or vpn
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Tue, 14 Dec 2004 19:14:58 +0000
I'm assuming you are using IPsec in site-to-site mode here. You mentioned that they "see" each other (talking about scenario #2). What do you mean by that? Do you mean the tunnel can be established in one direction but not in the other? Or that after you establish the tunnel either way, traffic only passes in one direction? Could you please post more info about what protocols you are using and what tests you've made to reach that conclusion.

-------------------------------------

Please help me if you can. I've built a VPN between two LANs with OpenBSD 3.6 and a D-Link router. Everything works fine and both hosts can see each other if the VPN is set up like this:

(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
  |
  | Intranet
  |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
  |
  | Internet
  |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
  |
  | DMZ
  |
  |---- (external_ip) OpenBSD's external ip (VPN host)
  |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
        (10.30.1.15) Host2 (gateway for it is 10.30.1.103)

But if the VPN is set up like this:

(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
  |
  | Intranet
  |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
  |
  | Internet
  |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
  |
  | DMZ
  |
  |---- (external_ip) OpenBSD's external ip (VPN host)
  |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
        (10.30.1.15) Host2 (gateway for it is 10.30.1.1, but there is a route entry added in its routing table: dest_192.168.0.0/24 gate_10.30.1.103)

Host2 can see Host1, but Host1 can't see Host2. If I try to add a route entry to OpenBSD's routing table (dest_10.30.1.0/24 gate_10.30.1.1) it says: File exists. Firewalls were disabled for testing purposes. I don't understand what's wrong.

-----
 (o_
 //\   Ghaith Nasrawi
 V_/_

PAST, n. That part of Eternity with some small fraction of which we have a slight and regrettable acquaintance. A moving line called the Present parts it from an imaginary period known as the Future. These two grand divisions of Eternity, of which the one is continually effacing the other, are entirely unlike. The one is dark with sorrow and disappointment, the other bright with prosperity and joy. The Past is the region of sobs, the Future is the realm of song. In the one crouches Memory, clad in sackcloth and ashes, mumbling penitential prayer; in the sunshine of the other Hope flies with a free wing, beckoning to temples of success and bowers of ease. Yet the Past is the Future of yesterday, the Future is the Past of to-morrow. They are one -- the knowledge and the dream. (The Devil's Dictionary)
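As an added example (not part of the thread, nor code from either poster), here is a small Python model of the routing tables in the two diagrams above. It does a longest-prefix match for each leg of the Host1/Host2 exchange once a packet has crossed the tunnel, and mimics the EEXIST that `route add` prints as "File exists" when a route for 10.30.1.0/24 already exists as the connected route of the OpenBSD box's internal interface. Assumptions: every LAN is a /24 (the post gives no netmasks), and the IPsec flows on the two VPN gateways are not modelled because the post does not describe them.

```python
"""Trace next hops for the two VPN layouts described in the thread.

The routing tables are constructed from the ASCII diagrams in the post;
the /24 netmasks are an assumption, as is the connected route that a
10.30.1.103/24 interface gives the OpenBSD box. Nothing here models the
IPsec flows (SPD) of either VPN gateway.
"""
import errno
import ipaddress

# Each table is a list of (prefix, next_hop); next_hop None = directly connected.
# 'default' is written as 0.0.0.0/0 so that longest-prefix match handles it.
HOST1 = [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")]

# OpenBSD internal interface 10.30.1.103/24: connected route for the LAN (assumed).
OPENBSD = [("10.30.1.0/24", None)]

# Scenario 1: Host2's default gateway is the OpenBSD box.
HOST2_SCENARIO1 = [("10.30.1.0/24", None), ("0.0.0.0/0", "10.30.1.103")]

# Scenario 2: default gateway is the DMZ router, plus a static route for the far LAN.
HOST2_SCENARIO2 = [
    ("10.30.1.0/24", None),
    ("192.168.0.0/24", "10.30.1.103"),
    ("0.0.0.0/0", "10.30.1.1"),
]


def lookup(table, dst):
    """Longest-prefix match. Returns the next-hop address, 'direct' for a
    connected route, or None when no entry matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return None
    return "direct" if best[1] is None else best[1]


def route_add(table, prefix, next_hop):
    """Mimic `route add`: a route whose destination/netmask is already in the
    table is rejected with EEXIST, which the shell reports as 'File exists'."""
    net = ipaddress.ip_network(prefix)
    for existing, _ in table:
        if ipaddress.ip_network(existing) == net:
            raise OSError(errno.EEXIST, "File exists", prefix)
    table.append((prefix, next_hop))


def try_route_add(table, prefix, next_hop):
    """Return the error text `route add` would print, or None on success.
    Works on a copy so the module-level tables stay untouched."""
    try:
        route_add(list(table), prefix, next_hop)
    except OSError as exc:
        return exc.strerror
    return None


def trace(host2_table):
    """Next hop for each leg of the exchange between Host1 and Host2, after
    the packet has crossed the tunnel and been decrypted by the far gateway."""
    return {
        # Host1 sending towards Host2: handed to the D-Link router.
        "host1->host2": lookup(HOST1, "10.30.1.15"),
        # OpenBSD delivering the decrypted packet to Host2 on its own LAN.
        "openbsd->host2": lookup(OPENBSD, "10.30.1.15"),
        # Host2 replying to Host1: which gateway carries the reply back?
        "host2->host1": lookup(host2_table, "192.168.0.2"),
    }


if __name__ == "__main__":
    for name, table in (("scenario 1", HOST2_SCENARIO1), ("scenario 2", HOST2_SCENARIO2)):
        print(name, trace(table))
    # The route the poster tried to add collides with the connected /24.
    print("route add 10.30.1.0/24 10.30.1.1:", try_route_add(OPENBSD, "10.30.1.0/24", "10.30.1.1"))
```

With the tables as posted, Host2's reply to 192.168.0.2 leaves via 10.30.1.103 in both scenarios, so the static routes alone do not account for the one-way behaviour; the flows configured on the two VPN gateways, which the reply above asks about, are the next thing to inspect. The "File exists" message is the EEXIST returned because 10.30.1.0/24 is already present as the connected route of the internal interface, so OpenBSD delivers to 10.30.1.15 directly and needs no route via 10.30.1.1 for that subnet.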
Current thread:
- Please help, something's wrong with routing or vpn Tomas (Dec 14)
- <Possible follow-ups>
- RE: Please help, something's wrong with routing or vpn Ghaith Nasrawi (Dec 14)