[vpn-help] VPN not working

jirka.mladenec at centrum.cz jirka.mladenec at centrum.cz
Fri Feb 19 23:38:36 CST 2016 

I installed the package 'ike' from debian repositories. System is Debian 8.3 32-bit. I successfully connect to the VPN using the client, but have no internet connectivity, nor can I reach any machines on the VPN network. How do I make it work?

The log is:
config loaded for site 'remote'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled

The VPN profile:
n:version:4
s:network-host:remote.work.com
n:network-ike-port:500
s:client-auto-mode:pull
n:network-mtu-size:1380
s:client-iface:virtual
n:client-addr-auto:1
s:network-natt-mode:enable
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:enable
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:0
n:client-dns-suffix-auto:0
s:client-dns-addr:192.168.2.251,192.168.2.252
s:client-dns-suffix:work.local
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:any
b:auth-mutual-psk:<redacted>
s:phase1-exchange:aggressive
n:phase1-dhgroup:14
s:phase1-cipher:aes
n:phase1-keylen:256
s:phase1-hash:sha2-256
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:esp-aes
n:phase2-keylen:256
s:phase2-hmac:sha2-256
s:ipcomp-transform:disabled
n:phase2-pfsgroup:14
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:policy-level:auto
n:policy-nailed:0
n:policy-list-auto:1

Routes before connecting to VPN:
$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         home.lan        0.0.0.0         UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

Routes after connecting to VPN (the external IP is redacted):
$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.50.60.1      0.0.0.0         UG    0      0        0 tap0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.50.60.0      *               255.255.255.0   U     0      0        0 tap0
<redacted>      192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

More information about the vpn-help mailing list