
<div dir="ltr"><div><div><div>Hi,<br><br></div>What the VPN Gateway ?<br></div>Do you have check the log of VPN Gateway and may be need some firewall rules ?<br><br></div>Cheers<div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 20, 2016 at 6:38 AM,  <span dir="ltr"><<a href="mailto:jirka.mladenec@centrum.cz" target="_blank">jirka.mladenec@centrum.cz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I installed the package 'ike' from debian repositories. System is Debian 8.3 32-bit. I successfully connect to the VPN using the client, but have no internet connectivity, nor can I reach any machines on the VPN network. How do I make it work?<br>

<br>

The log is:<br>

config loaded for site 'remote'<br>

attached to key daemon ...<br>

peer configured<br>

iskamp proposal configured<br>

esp proposal configured<br>

client configured<br>

local id configured<br>

remote id configured<br>

pre-shared key configured<br>

bringing up tunnel ...<br>

network device configured<br>

tunnel enabled<br>

<br>

The VPN profile:<br>

n:version:4<br>

s:network-host:<a href="http://remote.work.com" rel="noreferrer" target="_blank">remote.work.com</a><br>

n:network-ike-port:500<br>

s:client-auto-mode:pull<br>

n:network-mtu-size:1380<br>

s:client-iface:virtual<br>

n:client-addr-auto:1<br>

s:network-natt-mode:enable<br>

n:network-natt-port:4500<br>

n:network-natt-rate:15<br>

s:network-frag-mode:enable<br>

n:network-frag-size:540<br>

n:network-dpd-enable:1<br>

n:client-banner-enable:1<br>

n:network-notify-enable:1<br>

n:client-dns-used:1<br>

n:client-dns-auto:0<br>

n:client-dns-suffix-auto:0<br>

s:client-dns-addr:192.168.2.251,192.168.2.252<br>

s:client-dns-suffix:work.local<br>

n:client-splitdns-used:1<br>

n:client-splitdns-auto:1<br>

n:client-wins-used:0<br>

n:client-wins-auto:1<br>

s:auth-method:mutual-psk-xauth<br>

s:ident-client-type:fqdn<br>

s:ident-server-type:any<br>

b:auth-mutual-psk:<redacted><br>

s:phase1-exchange:aggressive<br>

n:phase1-dhgroup:14<br>

s:phase1-cipher:aes<br>

n:phase1-keylen:256<br>

s:phase1-hash:sha2-256<br>

n:phase1-life-secs:86400<br>

n:phase1-life-kbytes:0<br>

n:vendor-chkpt-enable:0<br>

s:phase2-transform:esp-aes<br>

n:phase2-keylen:256<br>

s:phase2-hmac:sha2-256<br>

s:ipcomp-transform:disabled<br>

n:phase2-pfsgroup:14<br>

n:phase2-life-secs:3600<br>

n:phase2-life-kbytes:0<br>

s:policy-level:auto<br>

n:policy-nailed:0<br>

n:policy-list-auto:1<br>

<br>

Routes before connecting to VPN:<br>

$ sudo route<br>

Kernel IP routing table<br>

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface<br>

default         home.lan        0.0.0.0         UG    0      0        0 eth0<br>

192.168.1.0     *               255.255.255.0   U     0      0        0 eth0<br>

<br>

Routes after connecting to VPN (the external IP is redacted):<br>

$ sudo route<br>

Kernel IP routing table<br>

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface<br>

default         10.50.60.1      0.0.0.0         UG    0      0        0 tap0<br>

default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0<br>

10.50.60.0      *               255.255.255.0   U     0      0        0 tap0<br>

<redacted>      192.168.1.1     255.255.255.255 UGH   0      0        0 eth0<br>

192.168.1.0     *               255.255.255.0   U     0      0        0 eth0<br>

_______________________________________________<br>

vpn-help mailing list<br>

<a href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a><br>

<a href="https://lists.shrew.net/mailman/listinfo/vpn-help" rel="noreferrer" target="_blank">https://lists.shrew.net/mailman/listinfo/vpn-help</a><br>

</blockquote></div><br></div></div>