
I have an Ubuntu server with a public IP and want to connect to some network with an IPsec tunnel. I can establish the connection (tunnel), but when I try to ping the internal network PCs, there is no answer. I'm using Openswan. Here is my topology:

(ubuntu box with public ip)  --- (vpn server/router) --- (some internal pc)

I don't have a network behind that Linux server. I just want the connection from that server to the network, and to be able to ping the internal PCs. I assume that when I ping something, it tries to ping it via the internet. How can I add the route to go through the IPsec tunnel, because I don't get any new interface when I connect to the IPsec tunnel?

My server is the IPsec client.

Here are my ipsec settings:

config setup
     virtual_private="%v4:10.172.110.0/24"
     nat_traversal=yes
     protostack=netkey
     oe=no
     plutoopts="--interface=eth0"
     plutodebug=all
conn myvpnconn
     authby=secret
     pfs=no
     phase2=esp
     ike=aes256-sha1
     auto=add
     keyingtries=3
     dpddelay=30
     dpdtimeout=120
     dpdaction=clear
     rekey=yes
     keyexchange=ike
     ikelifetime=8h
     keylife=1h 
     type=tunnel
     leftsubnet=10.20.30.0/24
     left=1.1.1.1
     leftsourceip=10.20.30.1
     right=2.2.2.2
     rightsubnet=10.172.110.0/24
     rightnexthop=%defaultroute
     phase2alg=aes256-sha1
  • Can you post the config of the VPN server too? Make sure you edit out the keys. It's possible the router expects more than just an IPSEC tunnel (for instance it may expect IPSEC/L2TP, IPSEC/PPTP or IPSEC/GRE) – Tricky Dec 17 '15 at 14:21
  • I don't control the other side; this is just the data I got. I assume that I would get info if I need L2TP or something similar. – ane Dec 17 '15 at 14:26
  • Hard to know... although many VPN concentrators can do pure IPSEC tunnels, it's more common to use IPSEC for encryption of a link layer encapsulation like L2TP. The link layer is useful for handling user authentication and DHCP. You should probably ask the administrators of the service. If they don't know, they should at least be able to tell you what kind of VPN concentrator is used, and the most common client end software (Cisco EasyVPN, F5, Juniper, etc.) – Tricky Dec 17 '15 at 15:13

0 Answers