Security Basics mailing list archives

RE: Please help, something's wrong with routing or vpn


From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Tue, 14 Dec 2004 19:14:58 +0000

I'm assuming you are using IPSec in site-to-site mode here.

You mentioned that they "see" each other (talking about scenario #2).
What do you mean by that? Do you mean the tunnel can be established in
one direction, but not in the other? Or after you establish the
tunnel either way, traffic only passes in one direction?

Could you please post more info about what protocols you are using,
and what tests you've made to reach that conclusion.



-------------------------------------
Please help me if you can. I've built a VPN between two LANs with
OpenBSD 3.6 and a D-Link router. Everything works fine and both hosts
can see each other if the VPN is set up like this:

(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
          |
          | Intranet
          |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
          |
          | Internet
          |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
          |
          | DMZ
          |
          |---- (external_ip) OpenBSD's external ip (VPN host)
          |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
(10.30.1.15) Host2 (gateway for it is 10.30.1.103)


But if VPN is set up like this:


(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
          |
          | Intranet
          |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
          |
          | Internet
          |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
          |
          | DMZ
          |
          |---- (external_ip) OpenBSD's external ip (VPN host)
          |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
(10.30.1.15) Host2 (gateway for it is 10.30.1.1, but there is a route
entry added in its routing table: dest_192.168.0.0/24 gate_10.30.1.103)

Host2 can see Host1, but Host1 can't see Host2. If I try to add a route
entry to OpenBSD's routing table (dest_10.30.1.0/24 gate_10.30.1.1) it
says: File exists. Firewalls were disabled for testing purposes. I don't
understand what's wrong.



-----

 (o_
 //\   Ghaith Nasrawi
 V_/_



PAST, n.
That part of Eternity with some small fraction of
which we have a slight and regrettable
acquaintance. A moving line called the Present
parts it from an imaginary period known as the
Future. These two grand divisions of Eternity, of
which the one is continually effacing the other,
are entirely unlike. The one is dark with sorrow
and disappointment, the other bright with
prosperity and joy. The Past is the region of
sobs, the Future is the realm of song. In the one
crouches Memory, clad in sackcloth and ashes,
mumbling penitential prayer; in the sunshine of
the other Hope flies with a free wing, beckoning
to temples of success and bowers of ease. Yet the
Past is the Future of yesterday, the Future is the
Past of to-morrow. They are one -- the knowledge
and the dream. (The Devil's Dictionary)


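The two behaviours in the quoted post (Host2 picking 10.30.1.103 as the next hop only for 192.168.0.0/24, and OpenBSD refusing a second 10.30.1.0/24 entry) both come down to how a routing table is consulted: longest-prefix match on lookup, and one entry per prefix on insert. The following is an added example, not code from the thread or from OpenBSD; it models the scenario #2 tables with the addresses given in the post. Interface names (em0, int0) are placeholders I chose, and the "File exists" string mirrors route(8)'s EEXIST message rather than coming from the post verbatim.

```python
import ipaddress


class RouteExists(Exception):
    """Raised when a prefix is already in the table (route(8) reports EEXIST as 'File exists')."""


class RoutingTable:
    """Minimal forwarding table: one entry per prefix, longest-prefix-match lookup."""

    def __init__(self):
        # prefix -> (gateway or None when directly connected, interface name)
        self.routes = {}

    def add(self, prefix, gateway=None, iface=None):
        net = ipaddress.ip_network(prefix)
        if net in self.routes:
            # Same failure a second `route add 10.30.1.0/24 ...` hits on BSD:
            # the connected network already owns that prefix.
            raise RouteExists(f"add net {net}: gateway {gateway}: File exists")
        self.routes[net] = (gateway, iface)

    def lookup(self, dst):
        """Return (prefix, gateway, iface) of the most specific matching route, or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, (gw, iface) in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)
        if best is None:
            return None
        net, gw, iface = best
        return (str(net), gw, iface)


def build_host2_table():
    """Host2 in scenario #2: default via the D-Link-facing router, VPN LAN via OpenBSD."""
    t = RoutingTable()
    t.add("10.30.1.0/24", iface="em0")                  # directly connected (constructed iface name)
    t.add("0.0.0.0/0", gateway="10.30.1.1")             # gateway for it is 10.30.1.1
    t.add("192.168.0.0/24", gateway="10.30.1.103")      # the added static route from the post
    return t


def build_openbsd_table():
    """OpenBSD's internal side: 10.30.1.0/24 is a connected network on 10.30.1.103."""
    t = RoutingTable()
    t.add("10.30.1.0/24", iface="int0")                 # directly connected (constructed iface name)
    t.add("0.0.0.0/0", gateway="10.30.1.1")             # out through the DMZ router
    return t


def host2_next_hop(dst):
    """Gateway Host2 would hand a packet for dst to (None means deliver directly)."""
    return build_host2_table().lookup(dst)[1]


def openbsd_add_lan_via_router():
    """Reproduce the post's failing route add; returns the error text instead of raising."""
    try:
        build_openbsd_table().add("10.30.1.0/24", gateway="10.30.1.1")
        return "added"
    except RouteExists as e:
        return str(e)


if __name__ == "__main__":
    print("Host2 -> 192.168.0.2 via", host2_next_hop("192.168.0.2"))   # 10.30.1.103 (longest match)
    print("Host2 -> 1.2.3.4     via", host2_next_hop("1.2.3.4"))       # 10.30.1.1 (default)
    print("Host2 -> 10.30.1.103 via", host2_next_hop("10.30.1.103"))   # None (on-link)
    print(openbsd_add_lan_via_router())
```

The lookup for 192.168.0.2 from Host2 lands on the /24 via 10.30.1.103 rather than the default route because /24 is the longer prefix, which is what makes the static route on Host2 sufficient for the Host2 to Host1 direction. The failing `route add` on OpenBSD is the table refusing a duplicate prefix: 10.30.1.0/24 is already present as the connected network on its internal interface, so the "File exists" message is expected and is not the cause of the one-way reachability the poster describes.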