Thread: Simple gateway routing and VPN? (Slackware Linux Support forums, Unix Operating Systems category)
Hi all,

I've got a Slackware box with the 2.6.8.1 kernel compiled with IPSec/VPN support. It's got one NIC and is connected to an Internet router that has the Slack box in DMZ. I'm trying to establish this machine as the new gateway in my LAN for various purposes instead of a hardware NAT-only router. I'm using racoon to establish some VPNs (actually quite a lot of them); it all works well, the VPNs establish and I can communicate between sites. Machines on my local LAN using the Slack box as their gateway can also talk to the established VPNs... all is excellent.

My problems started when I put a second NIC into the Slack box with a dedicated no-NAT bridged external IP. I've brought up the interface, set the IP/netmask and changed my default route. I can access the Net and so can clients on my internal LAN, and I can establish my VPNs with racoon, but I can't talk over them anymore, not even from the Slack console. Any ideas??

I've changed my ipsec.conf so that the setkey parameters use my NIC's dedicated external IP, and this all seems OK because racoon is able to establish the SAs. I've dropped my firewall entirely for testing purposes and all tables are set to accept, still nothing, and ip_forward is definitely set to 1. My local LAN clients can still all access the Internet, so I *think* that my box is routing between the two NICs correctly, but for some reason I get time outs connecting to VPN'd addresses.

It feels like a routing problem to me but I just can't seem to spot it, so if anyone can shed any light... The only thing that makes me think it's routing is that from my Slack box I did a traceroute to Google and found that the first hop came back as the Internet gateway on my local LAN rather than the IP of the second NIC, which is what I would have expected it to be, given that the default route from "ip route" is set to use the external IP on the second NIC.

Any suggestions would be greatly appreciated. Here's the deal if you need some numbers...
    -------------------          ---------------------
    | Internet Router |          | Linux VPN Gateway |
    | 172.16.100.254  |----------| 172.16.100.5      |
    | (def. LAN GW)   |          | & 81.xx.xx.xx     |
    -------------------          ---------------------
            |                              |  (will scrap this link)
            |                              |  (when Slack GW works )
            |      -------------------     |
            |      |      LAN        |     |
            |------| 172.16.100.0/24 |------
                   -------------------

Regards,
Jon.
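As an added illustration (not part of Jon's post or of any racoon/Slackware code), here is a small model of the kernel's route selection run over the topology above. The traceroute symptom in the post, hop 1 answering as the LAN router even though the default route is meant to point out of the new NIC, is exactly what a leftover second default route produces, so the model compares a table with a stale default against one with only the intended default and checks whether ESP traffic to a VPN peer would leave from the address the SA was negotiated with. Interface names eth0/eth1, the 203.0.113.0/24 block standing in for the masked 81.xx.xx.xx, the upstream gateway address and the peer address are all constructed assumptions, and the stale-default scenario is one hypothesis consistent with the symptom, not a confirmed diagnosis.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of the box in the post. The interface names and the
# 203.0.113.0/24 block (standing in for the masked 81.xx.xx.xx) are assumptions.
LAN_IP = "172.16.100.5"
LAN_GW = "172.16.100.254"
EXT_IP = "203.0.113.5"        # placeholder for the dedicated external IP
EXT_GW = "203.0.113.1"        # placeholder for the upstream gateway on the new NIC


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None   # next hop; None means the prefix is on-link
    src: Optional[str] = None   # preferred source address for this route
    metric: int = 0


def route(prefix: str, dev: str, via: Optional[str] = None,
          src: Optional[str] = None, metric: int = 0) -> Route:
    return Route(ipaddress.IPv4Network(prefix), dev, via, src, metric)


def route_lookup(table: List[Route], dst: str) -> Route:
    """Pick the route the kernel would: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def first_hop(table: List[Route], dst: str) -> str:
    """What traceroute reports as hop 1: the next hop, or dst itself when on-link."""
    r = route_lookup(table, dst)
    return r.via if r.via is not None else dst


def default_routes(table: List[Route]) -> List[Route]:
    """More than one default route is the first thing to look for when hop 1 is wrong."""
    return [r for r in table if r.prefix.prefixlen == 0]


def egress_matches_sa(table: List[Route], peer: str, sa_local: str) -> bool:
    """True when ESP packets to `peer` leave from the address the SA was negotiated
    with; False means the tunnel negotiates fine but its traffic exits the wrong NIC."""
    return route_lookup(table, peer).src == sa_local


# Scenario A (hypothesis): the old default via the LAN router was never removed.
# It has the lower metric, so it wins for every Internet destination, VPN peers included.
STALE_TABLE = [
    route("172.16.100.0/24", "eth0", src=LAN_IP),
    route("203.0.113.0/24", "eth1", src=EXT_IP),
    route("0.0.0.0/0", "eth0", via=LAN_GW, src=LAN_IP),            # leftover default
    route("0.0.0.0/0", "eth1", via=EXT_GW, src=EXT_IP, metric=10),  # the intended default
]

# Scenario B: only the intended default remains.
FIXED_TABLE = [
    route("172.16.100.0/24", "eth0", src=LAN_IP),
    route("203.0.113.0/24", "eth1", src=EXT_IP),
    route("0.0.0.0/0", "eth1", via=EXT_GW, src=EXT_IP),
]

VPN_PEER = "198.51.100.20"    # constructed address of a remote IPsec gateway

if __name__ == "__main__":
    for name, table in (("stale", STALE_TABLE), ("fixed", FIXED_TABLE)):
        print(f"{name}: defaults={len(default_routes(table))} "
              f"hop1={first_hop(table, VPN_PEER)} "
              f"sa_egress_ok={egress_matches_sa(table, VPN_PEER, EXT_IP)}")
```

On the real box the equivalent checks are `ip route show` (look for two `default` lines) and `ip route get <peer address>`, whose `src` field should be the address racoon is using as the local SA endpoint.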