Re: [Ipsec-tools-devel] can't access linux after ipsec is up
From: Pierre C. <pie...@fr...> - 2012-02-26 15:14:25
Hi Satavee,

The usual way to solve this kind of issue is to use NAT and faked NATted networks. I found a page on the internet explaining the concept:
http://wiki.openwrt.org/doc/howto/vpn.ipsec.overlappingsubnets

Now, how to implement this depends completely on the Unix/Linux distribution you're using.

Hope this will help.

Regards,
Pierre

On Sun Feb 26 13:51:13 2012, Satavee wrote:
> Hi Pierre,
> You're right. It works.
>
> Next question, any command to let racoon/ipsec-tools support this
> overlapping ..?
>
> Regards,
> Satavee
>
> On Feb 26, 2012, at 17:44, Pierre Christensen <pie...@fr...> wrote:
>
>> Hi Satavee,
>>
>> It might be related to the fact that you have overlapping networks on
>> both sides of your VPN tunnel.
>> What I suspect is that the TCP/ICMP packet reaches your linux router at
>> 192.168.24.1, but the packet is then processed by the racoon daemon
>> and the packet with destination IP 192.168.24.1 is then pushed into
>> the VPN tunnel.
>> Now I suspect that the packet is bounced between the two VPN tunnel
>> extremities until the TTL expires, or it is dropped on the
>> other side of your tunnel as src.IP is in a dst.network.
>> This might be possible to check if there is a way to make a tcpdump
>> in the encrypted tunnel. I don't know if this is possible; can someone
>> tell me a way to do that?
>>
>> An easy way to solve your issue might be to use a different network
>> on the 192.168.24.0/24 side which is not in the 192.16.0.0/16 range.
>>
>> Regards,
>> Pierre
>>
>> On 26/02/12 07:52, Satavee wrote:
>>> Hi Stephen,
>>>
>>> I've tried your suggestion, but my problem still exists.
>>>
>>>>> -------
>>>>> note: router ip = 192.168.24.1/24 and my pc = 192.168.24.2/24 gw
>>>>> 192.168.24.1.
>>>
>>>> /sbin/ip route add 192.168.0.0/16 via 110.110.110.65 dev ethX src
>>>> 192.168.24.1
>>>
>>> This static route is related to the right network.
>>> ===>>> but my problem is "I cannot ping and ssh from my pc (192.168.24.2)
>>> to the linux router (192.168.24.1)...."
>>>
>>> Again, I can transfer files between 192.168.24.1 and 192.168.x.x.
>>>
>>> Regards,
>>> Satavee
>>>
>>> On Feb 26, 2012, at 2:33, Stephen Clark <scl...@ea...> wrote:
>>>
>>>> On 02/24/2012 10:26 PM, Satavee wrote:
>>>>> Hi All,
>>>>> I've installed ipsec-tools + racoon for a few weeks; currently IPsec is
>>>>> up, I can send/receive data over the tunnel from both sides.
>>>>>
>>>>> My problem is, I can't access (ping & ssh) the linux router after running
>>>>> "setkey start".
>>>>>
>>>>> ----
>>>>> root@Racoon:/etc# cat ipsec-tools.conf
>>>>> #!/usr/sbin/setkey -f
>>>>> # Flush SAD and SPD
>>>>> flush;
>>>>> spdflush;
>>>>> spdadd 192.168.24.0/24 192.168.0.0/16 any -P out ipsec
>>>>> esp/tunnel/110.110.110.65-112.112.112.95/unique;
>>>>> spdadd 192.168.0.0/16 192.168.24.0/24 any -P in ipsec
>>>>> esp/tunnel/112.112.112.95-110.110.110.65/unique;
>>>>> -------
>>>>> note: router ip = 192.168.24.1/24 and my pc = 192.168.24.2/24 gw
>>>>> 192.168.24.1
>>>>>
>>>>> root@Racoon:/etc/racoon# racoon -V
>>>>> @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
>>>>>
>>>>> --
>>>>>
>>>>> Regards
>>>>> Satavee
>>>>>
>>>>> _______________________________________________
>>>>> Ipsec-tools-devel mailing list
>>>>> Ips...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>>>>
>>>> /sbin/ip route add 192.168.0.0/16 via 110.110.110.65 dev ethX src
>>>> 192.168.24.1
>>>> --
>>>>
>>>> "They that give up essential liberty to obtain temporary safety,
>>>> deserve neither liberty nor safety." (Ben Franklin)
>>>>
>>>> "The course of history shows that as a government grows, liberty
>>>> decreases." (Thomas Jefferson)
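As an added illustration (not code from the thread or from ipsec-tools), the following Python parses the two spdadd lines from Satavee's ipsec-tools.conf and applies a simplified SPD lookup to the ping between the PC (192.168.24.2) and the router (192.168.24.1): the cleartext request falls under the "in ipsec" policy, which requires ESP, and the router's reply matches the "out" tunnel policy and is encapsulated, which is the overlap Pierre describes; renumbering the LAN outside 192.168.0.0/16 removes the overlap. The lookup ignores the protocol selector and kernel policy priorities.

```python
import ipaddress
import re

# Constructed sample input: the two spdadd lines quoted in the thread.
SPD_CONF = """
spdadd 192.168.24.0/24 192.168.0.0/16 any -P out ipsec esp/tunnel/110.110.110.65-112.112.112.95/unique;
spdadd 192.168.0.0/16 192.168.24.0/24 any -P in ipsec esp/tunnel/112.112.112.95-110.110.110.65/unique;
"""

SPDADD = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+(\S+)\s*([^;]*);")


def parse_spd(text):
    """Parse setkey 'spdadd SRC DST PROTO -P DIR ACTION [SA];' lines into dicts."""
    policies = []
    for m in SPDADD.finditer(text):
        src, dst, proto, direction, action, sa = m.groups()
        policies.append({"src": ipaddress.ip_network(src, strict=False),
                         "dst": ipaddress.ip_network(dst, strict=False),
                         "proto": proto, "dir": direction,
                         "action": action, "sa": sa.strip()})
    return policies


def lookup(policies, src, dst, direction):
    """Simplified SPD lookup: first policy in file order whose address selectors
    contain the packet (the kernel ranks by priority; for this pair the answer is the same)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and s in p["src"] and d in p["dst"]:
            return p
    return None


def fate(policies, src, dst, direction):
    """What a cleartext packet gets from the matching policy."""
    p = lookup(policies, src, dst, direction)
    if p is None or p["action"] == "none":
        return "bypass"                    # no policy, or an explicit bypass
    if p["action"] == "discard":
        return "drop"
    if direction == "out":
        return "tunnel:" + p["sa"]         # encapsulated in ESP toward the peer
    return "drop"                          # inbound 'ipsec' policy requires ESP


def overlapping_tunnel_policies(policies):
    """Tunnel policies whose src and dst selectors overlap, so hosts on the
    local LAN also fall inside the remote selector (the thread's symptom)."""
    return [p for p in policies
            if p["action"] == "ipsec" and p["src"].overlaps(p["dst"])]
```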