[strongSwan] Newbie: Windows Client and Routing

Chris ch2009 at arcor.de
Fri Jan 3 17:43:11 CET 2014


Dear All,

sorry, I have to ask again.

I'd like to set up a VPN server for Windows 8 road warriors with 
authentication using EAP-MSCHAP v2, as described in [1].

Do I have to install an L2TP server like xl2tpd? I've set up strongSwan 
and the VPN connection is established. I can ping the client, but can't 
ping the server or any internet host. What's the error?

When I ping the server, the ping seems not to go through the tunnel:
17:40:06.216364 IP 192.168.122.164 > 192.168.122.217: ICMP echo request, id 1, seq 32, length 40

The client has no default gateway. Is this correct?

     PPP-Adapter strongswan:

        Verbindungsspezifisches DNS-Suffix:
        Beschreibung. . . . . . . . . . . : strongswan
        Physische Adresse . . . . . . . . :
        DHCP aktiviert. . . . . . . . . . : Nein
        Autokonfiguration aktiviert . . . : Ja
        IPv4-Adresse  . . . . . . . . . . : 10.1.0.1(Bevorzugt)
        Subnetzmaske  . . . . . . . . . . : 255.255.255.255
        Standardgateway . . . . . . . . . : 0.0.0.0
        DNS-Server  . . . . . . . . . . . : 8.8.4.4
                                            8.8.8.8
        NetBIOS über TCP/IP . . . . . . . : Deaktiviert

  C:\Users\chris>route print

===========================================================================
     Schnittstellenliste
      25...........................strongswan
       3...52 54 00 4e 8d 72 ......Realtek RTL8139C+-Fast-Ethernet-Netzwerkkarte
       1...........................Software Loopback Interface 1
       4...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
       5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
      15...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2

===========================================================================

     IPv4-Routentabelle

===========================================================================
     Aktive Routen:
          Netzwerkziel    Netzwerkmaske          Gateway   Schnittstelle Metrik
               0.0.0.0          0.0.0.0    192.168.122.1 192.168.122.164   4245
               0.0.0.0          0.0.0.0   Auf Verbindung        10.1.0.1     21
              10.1.0.1  255.255.255.255   Auf Verbindung        10.1.0.1    276
             127.0.0.0        255.0.0.0   Auf Verbindung       127.0.0.1   4531
             127.0.0.1  255.255.255.255   Auf Verbindung       127.0.0.1   4531
       127.255.255.255  255.255.255.255   Auf Verbindung       127.0.0.1   4531
         192.168.122.0    255.255.255.0   Auf Verbindung 192.168.122.164   4501
       192.168.122.164  255.255.255.255   Auf Verbindung 192.168.122.164   4501
       192.168.122.217  255.255.255.255   Auf Verbindung 192.168.122.164   4246
       192.168.122.255  255.255.255.255   Auf Verbindung 192.168.122.164   4501
             224.0.0.0        240.0.0.0   Auf Verbindung       127.0.0.1   4531
             224.0.0.0        240.0.0.0   Auf Verbindung 192.168.122.164   4501
             224.0.0.0        240.0.0.0   Auf Verbindung        10.1.0.1     21
       255.255.255.255  255.255.255.255   Auf Verbindung       127.0.0.1   4531
       255.255.255.255  255.255.255.255   Auf Verbindung 192.168.122.164   4501
       255.255.255.255  255.255.255.255   Auf Verbindung        10.1.0.1    276

===========================================================================
     Ständige Routen:
       Keine

This is xfrm policy and state:

src 10.1.0.1/32 dst 192.168.122.0/24
         dir fwd priority 1827 ptype main
         tmpl src 192.168.122.164 dst 192.168.122.217
                 proto esp reqid 7 mode tunnel
src 10.1.0.1/32 dst 192.168.122.0/24
         dir in priority 1827 ptype main
         tmpl src 192.168.122.164 dst 192.168.122.217
                 proto esp reqid 7 mode tunnel
src 192.168.122.0/24 dst 10.1.0.1/32
         dir out priority 1827 ptype main
         tmpl src 192.168.122.217 dst 192.168.122.164
                 proto esp reqid 7 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
         dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
         dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
         dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
         dir 4 priority 0 ptype main
src ::/0 dst ::/0
         dir 3 priority 0 ptype main
src ::/0 dst ::/0
         dir 4 priority 0 ptype main
src ::/0 dst ::/0
         dir 3 priority 0 ptype main
src ::/0 dst ::/0
         dir 4 priority 0 ptype main



src 192.168.122.217 dst 192.168.122.164
         proto esp spi 0x69417baa(1765899178) reqid 7(0x00000007) mode tunnel
         replay-window 32 seq 0x00000000 flag 20 (0x00100000)
         auth hmac(sha1) 0xa255e860ff8a25d2e5f7f9baf31c01f865fbacb9 (160 bits)
         enc cbc(aes) 0x7c16ff294cce1a2f1ecacb89f8e9b2a9 (128 bits)
         lifetime config:
           limit: soft (INF)(bytes), hard (INF)(bytes)
           limit: soft (INF)(packets), hard (INF)(packets)
           expire add: soft 847(sec), hard 1200(sec)
           expire use: soft 0(sec), hard 0(sec)
         lifetime current:
           0(bytes), 0(packets)
           add 2014-01-03 17:01:45 use -
         stats:
           replay-window 0 replay 0 failed 0
src 192.168.122.164 dst 192.168.122.217
         proto esp spi 0xc03d142c(3225228332) reqid 7(0x00000007) mode tunnel
         replay-window 32 seq 0x00000000 flag 20 (0x00100000)
         auth hmac(sha1) 0xa6811c1af264ad253d961cb55b04c0913676200c (160 bits)
         enc cbc(aes) 0xdabc758a3757e7f04c6f6f3b223015a2 (128 bits)
         lifetime config:
           limit: soft (INF)(bytes), hard (INF)(bytes)
           limit: soft (INF)(packets), hard (INF)(packets)
           expire add: soft 964(sec), hard 1200(sec)
           expire use: soft 0(sec), hard 0(sec)
         lifetime current:
           0(bytes), 0(packets)
           add 2014-01-03 17:01:45 use -
         stats:
           replay-window 0 replay 0 failed 0

Thank you in advance!

- Chris


[1] http://wiki.strongswan.org/projects/strongswan/wiki/Windows7



