[vpn-help] Connecting to Zywall - Tunnel established, routing broken?

Ralf Steppacher ralf at steppacher.name
Thu Aug 5 01:26:12 CDT 2010 

Matthew,

thanks for the fast response. Unfortunately making the change you
suggest does not make a difference. Depending on what I set under the
policy tab I get two different results when trying to ping a host on the
remote network:

ralf at ralf-ubuntu:/etc$ ping 192.168.50.10
PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
^C
--- 192.168.50.10 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7006ms

Or

ralf at ralf-ubuntu:/etc$ ping 192.168.50.10
PING 192.168.50.10 (192.168.50.10) 56(84) bytes of data.
>From 192.168.50.81 icmp_seq=1 Destination Host Unreachable
>From 192.168.50.81 icmp_seq=2 Destination Host Unreachable
>From 192.168.50.81 icmp_seq=3 Destination Host Unreachable
>From 192.168.50.81 icmp_seq=4 Destination Host Unreachable
>From 192.168.50.81 icmp_seq=5 Destination Host Unreachable
>From 192.168.50.81 icmp_seq=6 Destination Host Unreachable
^C
--- 192.168.50.10 ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time
6018ms
, pipe 4

192.168.50.81 is the IP assigned to the tap0 interface.


Thanks for your help!
Ralf


On Wed, 2010-08-04 at 22:57 -0500, Matthew Grooms wrote:
> On 8/4/2010 9:13 AM, Ralf Steppacher wrote:
> > Hello all,
> >
> > I am trying to connect to our corporate network via a Zywall and the Shrew VPN Client 2.1.5 from my Ubuntu 10.04 PC. I followed the Zywall wiki howto as best as I could, having no access to the Zywall configuration.
> >
> > I managed to establish a tunnel from my PC to the Zywall, but none of the IP addresses on the remote network are reachable/pingable. My local gateway is still pingable though. I guess it is a routing issue?
> >
> > My kernel routes with the tunnel open look like this. 192.168.1.0 being my local network, 192.168.50.0 being the corporate network.
> >
> > ralf at ralf-ubuntu:~$ route
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > default         192.168.50.81   255.255.255.0   UG    0      0        0 tap0
> > 192.168.50.0    *               255.255.255.0   U     0      0        0 tap0
> > 192.168.1.0     *               255.255.255.0   U     2      0        0 wlan0
> > link-local      *               255.255.0.0     U     1000   0        0 wlan0
> > default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
> >
> > Does that look right to you?
> >
> > If it is OK, what else could be wrong?
> > In particular, I am unsure about what to set on the "Policy" tab of the client.
> >
> 
> Did you read this?
> 
> http://lists.shrew.net/mailman/htdig/vpn-help/2008-November/001827.html
> 
> -Matthew
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help

More information about the vpn-help mailing list