[vpn-help] IPSec VPN to NetASQ not working when client inside same network class.

Alexis La Goutte alexis.lagoutte at gmail.com
Mon Dec 31 03:56:50 CST 2012


On Mon, Dec 31, 2012 at 9:58 AM, Jochen Boutens <
jochen.boutens at finalbeta.net> wrote:

> Hello, ****
>
> ** **
>
> (Some items have been changed, mail addresses, server address, subnets
> have been changed to another subnet in the same class)****
>
> ** **
>
> VPN Client config export:****
>
> ** **
>
> n:version:4****
>
> n:network-ike-port:500****
>
> n:network-mtu-size:1380****
>
> n:client-addr-auto:1****
>
> n:network-natt-port:4500****
>
> n:network-natt-rate:15****
>
> n:network-frag-size:540****
>
> n:network-dpd-enable:1****
>
> n:client-banner-enable:0****
>
> n:network-notify-enable:1****
>
> n:client-dns-used:1****
>
> n:client-dns-auto:0****
>
> n:client-dns-suffix-auto:0****
>
> n:client-splitdns-used:1****
>
> n:client-splitdns-auto:0****
>
> n:client-wins-used:0****
>
> n:client-wins-auto:0****
>
> n:phase1-dhgroup:2****
>
> n:phase1-keylen:128****
>
> n:phase1-life-secs:21600****
>
> n:phase1-life-kbytes:0****
>
> n:vendor-chkpt-enable:0****
>
> n:phase2-keylen:128****
>
> n:phase2-life-secs:3600****
>
> n:phase2-life-kbytes:0****
>
> n:policy-nailed:0****
>
> n:policy-list-auto:0****
>
> s:network-host:vpn.fake.com****
>
> s:client-auto-mode:disabled****
>
> s:client-iface:direct****
>
> s:network-natt-mode:enable****
>
> s:network-frag-mode:enable****
>
> s:client-dns-addr:10.10.68.5****
>
> s:client-dns-suffix:fake.com****
>
> s:auth-method:mutual-psk****
>
> s:ident-client-type:ufqdn****
>
> s:ident-server-type:ufqdn****
>
> s:ident-client-data:fake at fake.com****
>
> s:ident-server-data:vpnfake at fake.com****
>
> b:auth-mutual-psk:CompletelyFakeKey****
>
> s:phase1-exchange:aggressive****
>
> s:phase1-cipher:aes****
>
> s:phase1-hash:sha1****
>
> s:phase2-transform:esp-aes****
>
> s:phase2-hmac:sha1****
>
> s:ipcomp-transform:disabled****
>
> n:phase2-pfsgroup:2****
>
> s:policy-level:unique****
>
> s:policy-list-include:10.10.68.0 / 255.255.255.0****
>
> ** **
>
> Ifconfig on the device:****
>
> >ifconfig****
>
> ****
>
> em0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC>
> mtu 1504****
>
> options=5b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING>****
>
> ether 00:0d:b4:09:27:db****
>
> media: Ethernet autoselect (1000baseTX <full-duplex>)****
>
> status: active****
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 1500****
>
> inet 127.0.0.1 netmask 0xffffff00 ****
>
> lo1: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500****
>
> lo2: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500****
>
> lo3: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500****
>
> lo4: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500****
>
> lo5: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500****
>
> enc0: flags=41<UP,RUNNING> mtu 1536****
>
> eth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500*
> ***
>
> options=8<VLAN_MTU>****
>
> inet 91.*.*.* netmask 0xffffffe0 broadcast 91.*.*.*****
>
> ether 00:0d:b4:09:29:1c****
>
> media: Ethernet autoselect (100baseTX <full-duplex>)****
>
> status: active****
>
> eth1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500*
> ***
>
> options=8<VLAN_MTU>****
>
> ether 00:0d:b4:09:29:1c****
>
> media: Ethernet autoselect****
>
> eth2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500*
> ***
>
> options=8<VLAN_MTU>****
>
> inet 10.10.68.254 netmask 0xffffff00 broadcast 10.10.68.255****
>
> inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255****
>
> inet 10.10.61.254 netmask 0xffffff00 broadcast 10.10.61.255****
>
> inet 10.10.62.254 netmask 0xffffff00 broadcast 10.10.62.255****
>
> ether 00:0d:b4:09:29:1e****
>
> media: Ethernet autoselect (1000baseTX <full-duplex>)****
>
> status: active****
>
> eth3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500****
>
> options=8<VLAN_MTU>****
>
> ether 00:0d:b4:09:29:1f****
>
> media: Ethernet autoselect****
>
> eth4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500****
>
> options=8<VLAN_MTU>****
>
> inet 192.168.231.2 netmask 0xfffffffc broadcast 192.168.231.3****
>
> ether 00:0d:b4:09:27:e0****
>
> media: Ethernet autoselect (1000baseTX <full-duplex>)****
>
> status: active****
>
> eth5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500****
>
> options=8<VLAN_MTU>****
>
> inet 192.168.231.6 netmask 0xfffffffc broadcast 192.168.231.7****
>
> ether 00:0d:b4:09:27:e1****
>
> media: Ethernet autoselect (1000baseTX <full-duplex>)****
>
> status: active****
>
> ** **
>
> Met vriendelijke groeten,****
>
> ** **
>
> *Boutens Jochen*
> Email: Jochen.Boutens at Finalbeta.net****
>
> **
>
Hi Jochen,
Thanks for information.
No static route in your VPN Gateway ? (to any 10.x.x network ?)
It is possible to add also VPN Logs ? (from your VPN Gateway)



> **
>
> ** **
>
> *From:* prolag at gmail.com [mailto:prolag at gmail.com] *On Behalf Of *Alexis
> La Goutte
> *Sent:* zondag 30 december 2012 18:07
> *To:* Jochen.Boutens at finalbeta.net
> *Cc:* vpn-help at lists.shrew.net
> *Subject:* Re: [vpn-help] IPSec VPN to NetASQ not working when client
> inside same network class.****
>
> ** **
>
> Hi Jochen,
>
> It is possible to attach your configuration ?
> How to your VPN Gateway is configured ? (it is possible to attach a ifinfo
> ?)
>
> Regards,****
>
> On Fri, Dec 28, 2012 at 8:12 AM, Finalbeta <finalbeta at gmail.com> wrote:***
> *
>
> Hello list,****
>
>  ****
>
> I’m facing a problem with the VPN client  (I think it is the client part)
> when my client is inside the same network class. ****
>
> My tested clients are windows 7 or 8.
>
> My company subnet is 10.10.5.0/24 and 10.10.6.0/24****
>
> My clients have no problem when they are inside a class B or C subnet. (So
> clients connecting from 172.16.* or 192.168.* have no problem connecting)*
> ***
>
> The same clients connecting from a local 10.10.*/24 can set up the ipsec
> tunnel to the company, but it times out. I can get no traffic across it.
> After several seconds the client gets disconnected. ****
>
>  ****
>
> I’m using the netasq guide from the wiki. I’ve configured the remote
> networks manually inside the configuration and I am using the local IP
> address on the client. ****
>
>  ****
>
> Thank you****
>
> Jochen (finalbeta at gmail.com)****
>
>  ****
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20121231/5a01315e/attachment-0002.html>


More information about the vpn-help mailing list