This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Roadwarrior w/ Pgpnet (no IP!)

I am conducting a product analysis on ASL and encountered the following problem :

I have read the Astato VPN Howto (from docs.astaro.org) and followed the instructions for IPSEC roadwarrior configuration with PGPnet.

I can succesfully create IKE/IPSEC SA with my ASL server when the connection is establish I can't see any IP address defined from the IPSEC pool I have created or any IP routing changes...

Client is W2K w/ PGPnet 7.0.3. Server is latest ASL stable.

[:S]

Anyone can think of something?

Regards,
Patrice.

This thread was automatically locked due to age.

Parents

0 TnM over 23 years ago

I reply to myself for further help to anyone needing it :

With IPSEC there is no such thing as routing with additionnal virtual ip like PPTP...

When a SA is succesfully created and you initiate a IP connection to a host inside a network the packet gets automatically translated (something like Destination NAT) and routed to the internal network.

The packet will have a source address of public IP and destination of private IP.

Hosts on the private network MUST have proper routing to send back public traffic to ipsec gateway.

NOTE! : Make sure you double check your packet forwarding rules. It should go like that :

VPNCLIENT-Any-Internal Network-Allow
Internal Network-Any-VPNCLIENT-Allow

[;)]

Here we go!
Patrice.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 TnM over 23 years ago

I reply to myself for further help to anyone needing it :

With IPSEC there is no such thing as routing with additionnal virtual ip like PPTP...

When a SA is succesfully created and you initiate a IP connection to a host inside a network the packet gets automatically translated (something like Destination NAT) and routed to the internal network.

The packet will have a source address of public IP and destination of private IP.

Hosts on the private network MUST have proper routing to send back public traffic to ipsec gateway.

NOTE! : Make sure you double check your packet forwarding rules. It should go like that :

VPNCLIENT-Any-Internal Network-Allow
Internal Network-Any-VPNCLIENT-Allow

[;)]

Here we go!
Patrice.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 JJCher over 23 years ago in reply to TnM

Your information is helpful.

But my problem is I need to assign something like SNAT to packets from VPN clients to internal. Because we have company WAN and internal host shouldn't set ASL as their default route. Is it possible on ASL? And, if I can set SNAT as above, how to make ASL internal interface listen on packets replied to that virtual NATed address/pool?

Thank you very much.
Cancel
Vote Up 0 Vote Down

Cancel
0 TnM over 23 years ago in reply to JJCher

What are your VPNClients ? Roadwarrior setup (dynamic) or known IP (static) ?
Cancel
Vote Up 0 Vote Down

Cancel
0 JJCher over 23 years ago in reply to TnM

Dynamic.
Cancel
Vote Up 0 Vote Down

Cancel
0 goldfly over 23 years ago in reply to JJCher

Just turn on the masking from pptp to internal....

Yes?
Cancel
Vote Up 0 Vote Down

Cancel