[vpn-help] FVS338 tunnel established but can't ping remote IP's/SSH/DNS etc.

David Borges david.borges at skitter.tv
Wed Jan 12 12:09:47 CST 2011


Matthew,

I did read the post yesterday and modified the confs.  Maybe you can see
something I missed.

dborges@dborges-ThinkPad-R400:/etc$ sudo grep -r rp_filter *
grep: blkid.tab: No such file or directory
firestarter/sysctl-tuning:if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
firestarter/sysctl-tuning:  for f in /proc/sys/net/ipv4/conf/*/rp_filter
sysctl.conf:#net.ipv4.conf.default.rp_filter=1
sysctl.conf:#net.ipv4.conf.all.rp_filter=1
sysctl.d/10-network-security.conf:net.ipv4.conf.default.rp_filter=0
sysctl.d/10-network-security.conf:net.ipv4.conf.all.rp_filter=0


dborges@dborges-ThinkPad-R400:/etc$ sudo sysctl -a | grep rp_filter | grep -v arp
error: "Invalid argument" reading key "fs.binfmt_misc.register"
error: permission denied on key 'net.ipv4.route.flush'
error: permission denied on key 'net.ipv6.route.flush'
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.wlan0.rp_filter = 0
net.ipv4.conf.tap0.rp_filter = 0

dborges@dborges-ThinkPad-R400:/etc$ ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
^C
--- 10.1.1.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4031ms

my ifconfig output:

tap0      Link encap:Ethernet  HWaddr 86:ed:87:3f:cc:61  
          inet addr:10.1.2.150  Bcast:10.1.2.255  Mask:255.255.255.0
          inet6 addr: fe80::84ed:87ff:fe3f:cc61/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1380  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:21:6b:9a:59:0c  
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::221:6bff:fe9a:590c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4256676 errors:0 dropped:0 overruns:0 frame:0
          TX packets:662415 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1539155054 (1.5 GB)  TX bytes:97318283 (97.3 MB)

ip route show output:
dborges@dborges-ThinkPad-R400:/etc$ ip route show
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.101  metric 2 
10.1.1.0/24 via 10.1.2.150 dev tap0  proto static 
10.1.2.0/24 dev tap0  proto kernel  scope link  src 10.1.2.150 
169.254.0.0/16 dev wlan0  scope link  metric 1000 
default via 192.168.1.1 dev wlan0  proto static 


Any more ideas?? :)

Thank you,

Dave







On Wed, 2011-01-12 at 11:46 -0600, Matthew Grooms wrote:
> On 1/12/2011 9:50 AM, David Borges wrote:
> > 2011 Jan 12 10:42:41 [FVS338] [IKE] IPsec-SA established[UDP encap
> > 4500->4500]: ESP/Tunnel xx.yy.216.191->x.yy.57.73 with
> > spi=236260712(0xe150d68)_
> > 2011 Jan 12 10:42:41 [FVS338] [IKE] IPsec-SA established[UDP encap
> > 4500->4500]: ESP/Tunnel x.yy.57.73->xx.yy.216.191 with
> > spi=179647494(0xab53406)_
> 
> David,
> 
> It says an IPsec SA has been established. Since this is a Linux client 
> host, have you read the following post?
> 
> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
> 
> -Matthew








