[vpn-help] racoon & ike: Missing the last tiny bit ...

Clemens Perz cperz at gmx.net
Fri Mar 19 04:53:22 CDT 2010

Hi all!

I am suffering from a lack of genius here :))

A Debian Lenny with racoon up and running serves as VPN backend. 
Originally, I created a working configuration using the Shrewsoft client 
for Windows, used that for a while and it still works perfectly.

Now I want the same thing on Ubuntu Karmic, i.e. 9.10. First I just 
installed the client, imported my existing configuration and connected 
to the server. Everything fine, it connects, gets the config, creates 
the tap0, sets the routes. But when I ping one of the private hosts 
inside the vpn no packages find their way back and ping just says nothing.

When I trace the packages with tcpdump I see that all targets return the 
right stuff, so the ping packages are routed to the target, processed 
and answered. The answer package has the ip of the pinged host as 
source, the tap0 ip as target and should do fine. That happens with all 
protocols - I see the routing working, but the requesting application 
gets nothing.

I tried to run as root and as user. I did set the 1 in ip_forward. I 
even compiled and packaged the 2.1.6-beta-4 and created new Ubuntu 
packages - nothing yet.

When I look at the SAD and SPD tables there is nothing unusual. I 
created a racoon -> racoon setup which is working and both tables look 
pretty much the same compared to what they show when I try the 
connection with ikea.

I am pretty sure I am missing only a little thing here, but it seems I 
cannot find the answer myself. So any hint would be very helpful :)

Thanks in advance,
