[strongSwan] Fwd: Re: Question on Networking in StrongSwan

Hay, Ben (TS Consulting) ben.hay at hp.com
Thu Apr 3 10:34:33 CEST 2014


Hi Henry

Thanks, I figured out that the Windows server had the firewall enabled, which was blocking the pings between the two servers. Thanks for everyone's help, it's much appreciated. Shame it was such a simple mistake...

My next issue now is, I am trying to configure StrongSwan to allow access from mobile devices to internal resources on my network. I have a working VPN server in the sense I can connect and obtain a virtual IP (on the 10.5.100.0/24 network) from the server. I have set the internal DNS server (172.17.61.10) in the /etc/ipsec.conf file (shown below).

conn windows8
          left=10.1.0.2
          leftcert=ss.cert
          leftid="<keeping secret>"
          leftsubnet=172.17.61.20/24
          leftfirewall=no
          right=%any
          rightdns=172.17.61.10
          rightsourceip=10.5.100.0/24
          rightsendcert=never
          rightid="<keeping secret>"
          keyexchange=ikev2
          auto=add

However, I am unable to access any of the resources. Having done some network snooping with Wireshark, I can see that the DNS requests are arriving at the DNS server, however the replies never get sent back to the client device. Do I need to set up some routing to allow this to happen?


I have already set the sysctl net.ipv4.ip_forward=1 to allow for forwarding. Is there anything else that needs to be configured?


Any help would be much appreciated. Thanks in advance.

Ben


From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of Jacques Henry
Sent: 02 April 2014 19:45
To: users at lists.strongswan.org
Subject: [strongSwan] Fwd: Re: Question on Networking in StrongSwan


Forgot to CC the list...
---------- Forwarded message ----------
From: "Jacques Henry" <caramba696 at gmail.com>
Date: 2 Apr 2014 20:43
Subject: Re: [strongSwan] Question on Networking in StrongSwan
To: "Hay, Ben (TS Consulting)" <ben.hay at hp.com>
Cc:


Hi,

I see that your DNS server is a Windows server. Did you deactivate or configure the integrated firewall to accept incoming ping?

Cheers
On 2 Apr 2014 06:17, "Hay, Ben (TS Consulting)" <ben.hay at hp.com> wrote:
Hi Everyone

I am currently trying to implement StrongSwan into a proof of concept on a laptop running VM Workstation. I am having some issues with the networking between StrongSwan and the backend infrastructure.

This is how my network currently looks...

[cid:image001.png at 01CF4F1F.EA316580]


Currently I have a good connection from the mobile devices, through a router and into StrongSwan. So the VPN server is running and accepting requests. I can run a ping from the StrongSwan server to the router/mobile device fine. I can also run a ping from the DNS server to StrongSwan fine. However, when I try to ping from StrongSwan to the DNS server, I get nothing at all. They are both on the same virtual subnet, and can ping in one direction but not the other.

So... pinging from the DNS server to StrongSwan, works fine...
[cid:image002.png at 01CF4F1F.EA316580]
However when pinging from StrongSwan to the DNS server, I get no response.
[cid:image003.png at 01CF4F1F.EA316580]
This is my routing table in StrongSwan.. As you can see there is a route to connect to the DNS server which is 172.17.61.10 out of eth1 which is correct, but when I run the command I get no response.
[cid:image004.png at 01CF4F1F.EA316580]

I have run my environment on a different laptop to rule this out of the problem.

Does anyone have any bright ideas as to what might be causing this issue? Any help would be much appreciated.

Thanks in advance.

Regards

Ben Hay
Technology Consultant
