[vpn-help] racoon & ike: Missing the last tiny bit ... [solved?]

Clemens Perz cperz at gmx.net
Fri Mar 19 09:01:01 CDT 2010 

Hmm, but it is not the best solution. Because now all connections inside 
the vpn are originating from my internal eth0 ip address, which might 
change when I move between DHCP driven networks.

Will need to get back to tap then. It seems, that packages make it to 
the kernel, but somehow do not arrive at the tap device. Does that make 
sense to someone? Which screw I have to turn to make it work?

Cheers,
Clemens


Clemens Perz wrote:
> Hi Stefan,
> 
> I could get it to work - changed the local host address method from 
> virtual adapter to existing adapter. Full access to my vpn :)
> 
> -> this looks like it needs something more to get the tap thing working
> 
> No I went back to my windows configuration and changed it there too - 
> and wow, it works and connects much faster!
> 
> Do you know if using this setting on windows still uses the shrewsoft 
> virtual adapter?
> 
> Thanks!
> Clemens
> 
> 
> 
> Clemens Perz wrote:
>> Stefan Bauer wrote:
>>> Am 19.03.2010 10:53, Clemens Perz schrieb:
>>>> Hi all!
>>>>
>>>> I am suffering from a lack of genius here :))
>>>>
>>>> A debian lenny with racoon up and running serves as vpn backend. 
>>>> Originally, I created a working configuration using the Shrewsoft client 
>>>> for Windows, used that for a while and it still works perfect.
>>>>
>>>> Now I want the same thing on Ubuntu Karmic, i.e. 9.10. First I just 
>>>> installed the client, imported my existing configuration and connected 
>>>> to the server. Everything fine, it connects, gets the config, creates 
>>>> the tap0, sets the routes. But when I ping one of the private hosts 
>>>> inside the vpn no packages find their way back and ping just says nothing.
>>>>
>>>> When I trace the packages with tcpdump I see that all targets return the 
>>>> right stuff, so the ping packages are routed to the target, processed 
>>>> and answered. The answer package has the ip of the pinged host as 
>>>> source, the tap0 ip as target and should do fine. That happens with all 
>>>> protocols - I see the routing working, but the requesting application 
>>>> gets nothing.
>>> Do you see at the ubuntu client side any icmp-answers incoming at
>>> network layer?
>>>
>>> Does it work to ping from the vpn-server to the ubuntu client?
>>>
>>> Could you also please try if setting 1 or 0 to
>>> /proc/sys/net/ipv6/bindv6only does change anything?
>>>
>>> Stefan
>>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> http://lists.shrew.net/mailman/listinfo/vpn-help
>>
> 
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>

More information about the vpn-help mailing list