Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 2199 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

vpn traceroute problem

Justin_01
Hi,

I'am testing a net-to-net vpn, using two Astaro configurations.

Can you tell me what the problem is if I get the following results:

When I traceroute to the internal interface of the astaro machine on the other subnet I get: (this looks ok)
 
/usr/sbin/traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 38 byte packets
 1  192.168.0.122 (192.168.0.122)  0.437 ms  0.337 ms  0.307 ms
 2  192.168.1.10 (192.168.1.10)  347.833 ms  193.626 ms  271.872 ms

If I try the same to any client in that subnet I get:

/usr/sbin/traceroute 192.168.1.9
traceroute to 192.168.1.9 (192.168.1.9), 30 hops max, 38 byte packets
 1  192.168.0.122 (192.168.0.122)  1.051 ms  0.334 ms  0.305 ms
 2  * * *
 3  192.168.1.9 (192.168.1.9)  168.923 ms  162.091 ms  162.921 ms
What goes wrong here?

Justin


This thread was automatically locked due to age.
Parents
  • 0
    Hi Justin, 

    how dows your vpn setup look like ?

    gert
  • 0 in reply to Gert Hansen
    Astaro machine 1:

    Nics:

    internal: 192.168.0.122 255.255.255.0
    external: 221.221.221.10 255.255.255.192

    Defenitions:

    lan  192.168.0.0  255.255.255.0
    US_side_gw  123.123.123.11  255.255.255.255
    US_side_lan  192.168.1.0  255.255.255.0

    vpn config:

    Name: NL
    Perfect Secret Forwarding: yes
    Secure Association: ike
    Authentication method: secret
    Secret: blabla
    Local interface: external
    Local subnet: lan
    Remote IP: US_side_gw
    Remote subnet: US_side_lan


    Astaro machine 2:

    Nics:

    internal: 192.168.1.10 255.255.255.0
    external: 123.123.123.11 255.255.255.0

    Defenitions:

    lan 192.168.1.0 255.255.255.0
    NL_side_gw 221.221.221.10 255.255.255.255
    NL_side_lan 192.168.0.0 255.255.255.0

    vpn config:

    Name: US
    Perfect Secret Forwarding: yes
    Secure Association: ike
    Authentication method: secret
    Secret: blabla
    Local interface: external
    Local subnet: lan
    Remote IP: NL_side_gw
    Remote subnet: NL_side_lan


    The VPN seems to work... pinging from both lans works.

    but still the traceroute problem..

    I hope you have any suggestions.

    Justin
Reply
  • 0 in reply to Gert Hansen
    Astaro machine 1:

    Nics:

    internal: 192.168.0.122 255.255.255.0
    external: 221.221.221.10 255.255.255.192

    Defenitions:

    lan  192.168.0.0  255.255.255.0
    US_side_gw  123.123.123.11  255.255.255.255
    US_side_lan  192.168.1.0  255.255.255.0

    vpn config:

    Name: NL
    Perfect Secret Forwarding: yes
    Secure Association: ike
    Authentication method: secret
    Secret: blabla
    Local interface: external
    Local subnet: lan
    Remote IP: US_side_gw
    Remote subnet: US_side_lan


    Astaro machine 2:

    Nics:

    internal: 192.168.1.10 255.255.255.0
    external: 123.123.123.11 255.255.255.0

    Defenitions:

    lan 192.168.1.0 255.255.255.0
    NL_side_gw 221.221.221.10 255.255.255.255
    NL_side_lan 192.168.0.0 255.255.255.0

    vpn config:

    Name: US
    Perfect Secret Forwarding: yes
    Secure Association: ike
    Authentication method: secret
    Secret: blabla
    Local interface: external
    Local subnet: lan
    Remote IP: NL_side_gw
    Remote subnet: NL_side_lan


    The VPN seems to work... pinging from both lans works.

    but still the traceroute problem..

    I hope you have any suggestions.

    Justin
Children
No Data
Unfiltered HTML