Vpnd: Config misunderstood or route problem?

Post by Mogens Valenti » Wed, 06 Feb 2002 09:21:36



I've got a problem with vpnd. Here's the setup:

  cisco -- firewall-vpn-gw  -- internal nets: 10.{2. 3. 10. 11. 12. 13.}
10.0.0.1  10.0.0.2  |
                   10.1.0.1 -- clientnet-vpn-gw ----- testclient
                              10.1.0.2 10.15.0.1      10.15.0.5

So, right now I'm not using vpnd over the internet, just testing on an
internal unused segment.

Connection between the two vpn-gw's comes up fine, i.e. 'connect from..'
and 'compression enabled'.
Sitting on clientnet-vpn-gw, I can traceroute hosts on internal nets and
on the internet, access inet websites with lynx and so forth.
From testclient, I can trace as far as 10.1.0.2, but not to 10.1.0.1.
From hosts on internal nets, i.e. 10.12., I can't trace to 10.15.0.5.

Below are the conf files.
But this is weird for me: If I use 'server 10.0.0.2' in both setups, I
can get access to the internet from testclient (10.15.0.5), but not to
internal segments (like 10.12. ).
I'm sure I've missed something in the docs, probably about the serial
links and local/remote IP#'s.

Partial firewall-vpn-gw server setup:
mode server
client 10.1.0.2 19987
server 10.1.0.1 19987
local 10.15.0.2
remote 10.15.0.1
autoroute

Partial clientnet-vpn-gw vpnd.conf:
mode client
client 10.1.0.2 19987
server 10.1.0.1 19987
local 10.15.0.1
remote 10.15.0.2
autoroute

Firewall-vpn-gw 'route -n':
Destination   Gateway     Genmask         Flags Metric Ref Use Iface
10.2.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth2
10.10.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth4
10.3.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth3
10.11.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth5
10.1.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth1
10.0.0.2      0.0.0.0     255.255.255.255 UH    0      0     0 eth0
10.15.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 sl0
10.12.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth6
10.13.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth7
10.2.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth2
10.3.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth3
10.0.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth0
10.1.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth1
10.10.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth4
10.11.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth5
10.12.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth6
10.13.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth7
127.0.0.0     0.0.0.0     255.0.0.0       U     0      0     0 lo
0.0.0.0       10.0.0.1    0.0.0.0         UG    0      0     0 eth0

--
Regards,
           Mr Dev - Mogens Valentin

OpenSource Security - Networking - Programming
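
Added example, not part of the original post: a longest-prefix-match lookup over the firewall-vpn-gw 'route -n' table quoted above, showing which entry each destination selects. In the table as posted, only the host 10.15.0.1 is routed over sl0, so 10.15.0.5 falls through to the default route via 10.0.0.1 on eth0. The function names are hypothetical.

```python
import ipaddress

# 'route -n' rows for firewall-vpn-gw, copied from the post above.
ROUTE_N = """\
10.2.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth2
10.10.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth4
10.3.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth3
10.11.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth5
10.1.0.1      0.0.0.0     255.255.255.255 UH    0      0     0 eth1
10.0.0.2      0.0.0.0     255.255.255.255 UH    0      0     0 eth0
10.15.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 sl0
10.12.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth6
10.13.0.1     0.0.0.0     255.255.255.255 UH    0      0     0 eth7
10.2.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth2
10.3.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth3
10.0.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth0
10.1.0.0      0.0.0.0     255.255.0.0     U     0      0     0 eth1
10.10.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth4
10.11.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth5
10.12.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth6
10.13.0.0     0.0.0.0     255.255.0.0     U     0      0     0 eth7
127.0.0.0     0.0.0.0     255.0.0.0       U     0      0     0 lo
0.0.0.0       10.0.0.1    0.0.0.0         UG    0      0     0 eth0
"""

def parse_routes(text):
    """Turn 'route -n' rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip blank or malformed rows
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[3], f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

ROUTES = parse_routes(ROUTE_N)

if __name__ == "__main__":
    for dst in ("10.15.0.1", "10.15.0.5", "10.12.0.7"):
        net, gw, flags, iface = lookup(ROUTES, dst)
        print(f"{dst:<10} -> {str(net):<14} gw {gw:<9} dev {iface}")
```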