<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"HPFutura Light";
panose-1:2 0 5 4 3 0 0 2 0 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"HPFutura Light";
color:black;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:EN-GB;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US">Hi Henry<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US">Thanks, I figured out that the Windows server had the firewall enabled which was blocking the pings between the two servers. Thanks for everyone’s help,
it’s much appreciated. Shame it was such a simple mistake…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US">My next issue now is,
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">I am trying to configure StrongSwan to allow access from mobile devices to internal resources on my network. I have a working VPN server in the sense I can connect and obtain a
virtual IP (on the 10.5.100.0/24 network) from the server. I have set the internal DNS server (172.17.61.10) in the /etc/ipsec.conf file (shown below).
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">conn windows8<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> left=10.1.0.2<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> leftcert=ss.cert<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> leftid="&lt;keeping secret&gt;"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> leftsubnet=172.17.61.20/24<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> leftfirewall=no<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> right=%any<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">
<span style="background:yellow;mso-highlight:yellow">rightdns=172.17.61.10</span><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">
<span style="background:yellow;mso-highlight:yellow">rightsourceip=10.5.100.0/24</span><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> rightsendcert=never<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> rightid="&lt;keeping secret&gt;"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> keyexchange=ikev2<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> auto=add<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">However I am unable to access any of the resources. Having done some network snooping with Wireshark, I can see that the DNS requests are arriving at the DNS server
however the replies never get sent back to the client device. Do I need to set up some routing to allow this to happen?
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<pre style="line-height:18.0pt;background:white"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">I have already set the </span><span style="font-size:11.0pt;font-family:"HPFutura Light";background:yellow;mso-highlight:yellow">sysctl net.ipv4.ip_forward=1</span><span style="font-size:11.0pt;font-family:"HPFutura Light""> to allow for forwarding. Is there anything else that needs to be configured?<o:p></o:p></span></pre>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">Any help would be much appreciated. Thanks in advance.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US">Ben<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> users-bounces@lists.strongswan.org [mailto:users-bounces@lists.strongswan.org]
<b>On Behalf Of </b>Jacques Henry<br>
<b>Sent:</b> 02 April 2014 19:45<br>
<b>To:</b> users@lists.strongswan.org<br>
<b>Subject:</b> [strongSwan] Fwd: Re: Question on Networking in StrongSwan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light""><o:p> </o:p></span></p>
<p><span style="font-size:11.0pt;font-family:"HPFutura Light"">Forgot to CC the list...<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light"">---------- Forwarded message ----------<br>
From: "Jacques Henry" &lt;<a href="mailto:caramba696@gmail.com"><span style="color:windowtext">caramba696@gmail.com</span></a>&gt;<br>
Date: 2 Apr 2014 20:43<br>
Subject: Re: [strongSwan] Question on Networking in StrongSwan<br>
To: "Hay, Ben (TS Consulting)" &lt;<a href="mailto:ben.hay@hp.com"><span style="color:windowtext">ben.hay@hp.com</span></a>&gt;<br>
Cc: <br>
<br>
<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:"HPFutura Light"">Hi,<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:"HPFutura Light"">I see that your DNS server is a Windows server. Did you deactivate or configure the integrated firewall to accept incoming ping?<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:"HPFutura Light"">Cheers<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light"">On 2 Apr 2014 06:17, "Hay, Ben (TS Consulting)" &lt;<a href="mailto:ben.hay@hp.com" target="_blank"><span style="color:windowtext">ben.hay@hp.com</span></a>&gt; wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">Hi Everyone<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">I am currently trying to implement StrongSwan into a proof of concept on a laptop running VM Workstation. I am having
some issues with the networking between StrongSwan and the backend infrastructure.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">This is how my network currently looks…<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""><img border="0" width="646" height="283" id="_x0000_i1025" src="cid:image001.png@01CF4F1F.EA316580"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">Currently I have a good connection from the mobile devices, through a router and into StrongSwan. So the VPN server is
running and accepting requests. I can run a ping from the StrongSwan server to the router/mobile device fine. I can also run a ping from the DNS server to StrongSwan fine. However when I try to ping from StrongSwan to the DNS server, I get nothing at all.
They are both on the same virtual subnet, and can ping in one direction but not the other.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">So… pinging from the DNS server to StrongSwan, works fine…<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""><img border="0" width="552" height="153" id="_x0000_i1026" src="cid:image002.png@01CF4F1F.EA316580"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">However when pinging from StrongSwan to the DNS server, I get no response.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""><img border="0" width="503" height="87" id="_x0000_i1027" src="cid:image003.png@01CF4F1F.EA316580"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">This is my routing table in StrongSwan. As you can see there is a route to connect to the DNS server which is 172.17.61.10
out of eth1 which is correct, but when I run the command I get no response. <o:p>
</o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""><img border="0" width="717" height="104" id="_x0000_i1028" src="cid:image004.png@01CF4F1F.EA316580"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">I have run my environment on a different laptop to rule this out of the problem.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">Does anyone have any bright ideas as to what might be causing these issues? Any help would be much appreciated.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light"">Thanks in advance.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"HPFutura Light""> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">Regards</span><span style="font-size:11.0pt;font-family:"HPFutura Light""><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light""> </span></b><span style="font-size:11.0pt;font-family:"HPFutura Light""><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">Ben Hay</span></b><span style="font-size:11.0pt;font-family:"HPFutura Light""><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"HPFutura Light"">Technology Consultant</span><span style="font-size:11.0pt;font-family:"HPFutura Light""><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"HPFutura Light""><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank"><span style="color:windowtext">Users@lists.strongswan.org</span></a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank"><span style="color:windowtext">https://lists.strongswan.org/mailman/listinfo/users</span></a><o:p></o:p></span></p>
</blockquote>
</div>
</div>
</div>
</body>
</html>