[Vpn-help] Loosing default gateway and problems to connect

Gustavo Castro gcastrop at gmail.com
Mon Mar 19 12:34:18 CDT 2007

Hi, Matthew

  I'm testing the beta release 2.0. I've been able to connect to a racoon
server, configured like this:

remote xxx.yyy.zzz.aaa {
      exchange_mode main;
      my_identifier address "bbb.ccc.ddd.xxx";
      proposal_check strict;
      lifetime time 24 hour;

      nat_traversal on;
      ike_frag on;
      dpd_delay 30;

      proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group 2;
      }
}

mode_cfg {
      pool_size 254;
      auth_source system;
}

sainfo anonymous {
      lifetime time 8 hour;
      encryption_algorithm 3des;
      authentication_algorithm hmac_md5;
      compression_algorithm deflate;
}

  I'm connecting from a Windows 2000 machine, connected through a Linux
firewall (ports UDP/500 and UDP/4500 are permitted). The destination
firewall has the appropriate ports open too (that may seem quite obvious,
but I state it anyway).
  The problem I'm facing now is that I can't contact any machine in the
destination network (, and I'm losing local internet
connection when I connect to the racoon server.
  My local ethernet address is, and the vnet device is getting (through mode_cfg), but the default gateway ends up configured as for that device when I connect, so my machine disconnects from
the rest of the world while the tunnel is up, so as you may imagine, it is very
difficult to debug the connection with a sniffer on the other side. What I
really want is to connect to the other network without losing my current
connection. I'm not sure if configuring a specific sainfo will help me fix
this issue or even if this is possible, so I'm open to any suggestions.
  As an additional goodie to all this, when I connect to the other
network, I can't ping any other machine, but I'm not sure if I need to do
something else on the other side. I suspect my setup is not well configured,
as I have only configured net-to-net VPNs before and this is not what I'm
used to.
  I'm pretty sure that this is a mistake on my part, but I don't seem to
understand exactly how this connection works in the first place...
  What tests should I perform on the client side to ensure the problem is not
related to my local setup?
  What configuration changes may help me on the racoon side?

  Thank you in advance, and keep up with this excellent work!

     Gustavo Castro Puig.
     E-Mail: gcastrop at gmail.com

LPI Level-1 Certified (https://www.lpi.org/es/verify.html
LPID:LPI000042304 Verification Code: hp6re8w5qg )
Version: 3.12
GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o?
K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++
D++ G++ e++ h--- r y+++
Registered Linux User #69342
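As an added example (not part of the post above and not a configuration shipped by racoon or the Shrew Soft client), the following racoon.conf fragment shows the mode_cfg shape that addresses the symptom described: the server hands the client an address from a pool and pushes only the protected remote network as a route (racoon's split_network directive), so the client keeps its own default gateway and local internet access while the tunnel is up. It assumes the remote LAN is 192.168.100.0/24 and the client pool is 10.99.0.0/24; both are placeholders, as is the use of "remote anonymous" instead of a per-address remote block. Verify every directive against the racoon.conf(5) manual page of the version actually deployed.

```conf
# Added example, not from the original post: racoon.conf fragment for a
# road-warrior setup that pushes only the remote network as a route,
# leaving the client's local default gateway untouched.
# All addresses below are placeholders chosen for illustration.

remote anonymous {
      exchange_mode main;
      proposal_check strict;
      lifetime time 24 hour;

      nat_traversal on;          # client sits behind a NAT firewall (UDP/4500)
      ike_frag on;
      dpd_delay 30;
      generate_policy on;        # build SPD entries from the client's proposal
      mode_cfg on;               # enable ISAKMP mode-config for this peer

      proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group 2;
      }
}

mode_cfg {
      network4 10.99.0.1;        # first address of the client pool (placeholder)
      netmask4 255.255.255.0;
      pool_size 254;
      auth_source system;
      # Push only the protected network to the client. Without any
      # split_network entry a client may send all traffic through the
      # tunnel, which is the "lost default gateway" symptom in the post.
      split_network include 192.168.100.0/24;   # remote LAN (placeholder)
}

sainfo anonymous {
      lifetime time 8 hour;
      encryption_algorithm 3des;
      authentication_algorithm hmac_md5;
      compression_algorithm deflate;
}
```

Two things to check alongside this: the client side must be set to use the topology pushed by the server rather than tunnelling all traffic, and a quick client-side test before and after bringing the tunnel up is to record the routing table (route print on Windows) and confirm the default route still points at the local gateway while a single route for 192.168.100.0/24 points at the vnet device.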