[strongSwan] Newbie: Windows Client and Routing
Chris
ch2009 at arcor.de
Sun Jan 5 05:54:28 CET 2014
Sorry, there's apparently a mistake in my network setup. Please ignore
the original question.
On 01/03/2014 05:43 PM, Chris wrote:
> Dear All,
>
> sorry, I have to ask again.
>
> I'd like to setup a VPN-server for Windows 8 road warriors with
> Authentication using EAP-MSCHAP v2, like it's described in [1].
>
> Do I have to install an L2TP-Server like xl2tpd? I've setup StrongSwan
> and the VPN connection is established. I can ping the client, but can't
> ping the server or any internet host. What's the error?
>
> When I ping the server, the ping seems not to go through the tunnel:
> 17:40:06.216364 IP 192.168.122.164 > 192.168.122.217: ICMP echo request, id 1, seq 32, length 40
>
> The client has no default gateway. Is this correct?
>
> PPP-Adapter strongswan:
>
> Verbindungsspezifisches DNS-Suffix:
> Beschreibung. . . . . . . . . . . : strongswan
> Physische Adresse . . . . . . . . :
> DHCP aktiviert. . . . . . . . . . : Nein
> Autokonfiguration aktiviert . . . : Ja
> IPv4-Adresse . . . . . . . . . . : 10.1.0.1(Bevorzugt)
> Subnetzmaske . . . . . . . . . . : 255.255.255.255
> Standardgateway . . . . . . . . . : 0.0.0.0
> DNS-Server . . . . . . . . . . . : 8.8.4.4
> 8.8.8.8
> NetBIOS über TCP/IP . . . . . . . : Deaktiviert
>
> C:\Users\chris>route print
>
> ===========================================================================
> Schnittstellenliste
> 25...........................strongswan
> 3...52 54 00 4e 8d 72 ......Realtek RTL8139C+-Fast-Ethernet-Netzwerkkarte
> 1...........................Software Loopback Interface 1
> 4...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
> 5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
> 15...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
>
> ===========================================================================
>
> IPv4-Routentabelle
>
> ===========================================================================
> Aktive Routen:
> Netzwerkziel      Netzwerkmaske     Gateway          Schnittstelle     Metrik
> 0.0.0.0           0.0.0.0           192.168.122.1    192.168.122.164   4245
> 0.0.0.0           0.0.0.0           Auf Verbindung   10.1.0.1          21
> 10.1.0.1          255.255.255.255   Auf Verbindung   10.1.0.1          276
> 127.0.0.0         255.0.0.0         Auf Verbindung   127.0.0.1         4531
> 127.0.0.1         255.255.255.255   Auf Verbindung   127.0.0.1         4531
> 127.255.255.255   255.255.255.255   Auf Verbindung   127.0.0.1         4531
> 192.168.122.0     255.255.255.0     Auf Verbindung   192.168.122.164   4501
> 192.168.122.164   255.255.255.255   Auf Verbindung   192.168.122.164   4501
> 192.168.122.217   255.255.255.255   Auf Verbindung   192.168.122.164   4246
> 192.168.122.255   255.255.255.255   Auf Verbindung   192.168.122.164   4501
> 224.0.0.0         240.0.0.0         Auf Verbindung   127.0.0.1         4531
> 224.0.0.0         240.0.0.0         Auf Verbindung   192.168.122.164   4501
> 224.0.0.0         240.0.0.0         Auf Verbindung   10.1.0.1          21
> 255.255.255.255   255.255.255.255   Auf Verbindung   127.0.0.1         4531
> 255.255.255.255   255.255.255.255   Auf Verbindung   192.168.122.164   4501
> 255.255.255.255   255.255.255.255   Auf Verbindung   10.1.0.1          276
>
> ===========================================================================
> Ständige Routen:
> Keine
>
> This is xfrm policy and state:
>
> src 10.1.0.1/32 dst 192.168.122.0/24
> dir fwd priority 1827 ptype main
> tmpl src 192.168.122.164 dst 192.168.122.217
> proto esp reqid 7 mode tunnel
> src 10.1.0.1/32 dst 192.168.122.0/24
> dir in priority 1827 ptype main
> tmpl src 192.168.122.164 dst 192.168.122.217
> proto esp reqid 7 mode tunnel
> src 192.168.122.0/24 dst 10.1.0.1/32
> dir out priority 1827 ptype main
> tmpl src 192.168.122.217 dst 192.168.122.164
> proto esp reqid 7 mode tunnel
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src ::/0 dst ::/0
> dir 3 priority 0 ptype main
> src ::/0 dst ::/0
> dir 4 priority 0 ptype main
> src ::/0 dst ::/0
> dir 3 priority 0 ptype main
> src ::/0 dst ::/0
> dir 4 priority 0 ptype main
>
>
>
> src 192.168.122.217 dst 192.168.122.164
> proto esp spi 0x69417baa(1765899178) reqid 7(0x00000007) mode tunnel
> replay-window 32 seq 0x00000000 flag 20 (0x00100000)
> auth hmac(sha1) 0xa255e860ff8a25d2e5f7f9baf31c01f865fbacb9 (160 bits)
> enc cbc(aes) 0x7c16ff294cce1a2f1ecacb89f8e9b2a9 (128 bits)
> lifetime config:
> limit: soft (INF)(bytes), hard (INF)(bytes)
> limit: soft (INF)(packets), hard (INF)(packets)
> expire add: soft 847(sec), hard 1200(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 0(bytes), 0(packets)
> add 2014-01-03 17:01:45 use -
> stats:
> replay-window 0 replay 0 failed 0
> src 192.168.122.164 dst 192.168.122.217
> proto esp spi 0xc03d142c(3225228332) reqid 7(0x00000007) mode tunnel
> replay-window 32 seq 0x00000000 flag 20 (0x00100000)
> auth hmac(sha1) 0xa6811c1af264ad253d961cb55b04c0913676200c (160 bits)
> enc cbc(aes) 0xdabc758a3757e7f04c6f6f3b223015a2 (128 bits)
> lifetime config:
> limit: soft (INF)(bytes), hard (INF)(bytes)
> limit: soft (INF)(packets), hard (INF)(packets)
> expire add: soft 964(sec), hard 1200(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 0(bytes), 0(packets)
> add 2014-01-03 17:01:45 use -
> stats:
> replay-window 0 replay 0 failed 0
>
> Thank you in advance!
>
> - Chris
>
>
> [1] http://wiki.strongswan.org/projects/strongswan/wiki/Windows7
>
>
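
Added example, not part of the original post: the quoted Windows route table and the server's inbound xfrm policy, evaluated mechanically to show which interface each destination leaves by and whether that packet falls inside the tunnel's traffic selector. It assumes longest-prefix-then-lowest-metric route selection and that the source address is the chosen interface's address; it only reads the posted tables and does not identify the setup mistake the poster later found.

```python
import ipaddress

# Values copied from the "route print" and xfrm policy output quoted above.
# Loopback, multicast and broadcast rows are left out.
ROUTES = [  # (destination, interface address, metric)
    ("0.0.0.0/0",          "192.168.122.164", 4245),
    ("0.0.0.0/0",          "10.1.0.1",          21),
    ("10.1.0.1/32",        "10.1.0.1",         276),
    ("192.168.122.0/24",   "192.168.122.164", 4501),
    ("192.168.122.164/32", "192.168.122.164", 4501),
    ("192.168.122.217/32", "192.168.122.164", 4246),
]
# Server-side inbound selector: src 10.1.0.1/32 dst 192.168.122.0/24
POLICY_IN = ("10.1.0.1/32", "192.168.122.0/24")


def egress_interface(dst):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, metric)
               for net, iface, metric in ROUTES
               if addr in ipaddress.ip_network(net)]
    best = max(matches, key=lambda m: (m[0].prefixlen, -m[2]))
    return best[1]


def matches_inbound_policy(src, dst):
    """True if (src, dst) falls inside the server's inbound traffic selector."""
    src_net, dst_net = (ipaddress.ip_network(n) for n in POLICY_IN)
    return (ipaddress.ip_address(src) in src_net
            and ipaddress.ip_address(dst) in dst_net)


def trace(dst):
    """Return (source address used, covered by the tunnel policy?)."""
    src = egress_interface(dst)  # assumption: source = chosen interface address
    return src, matches_inbound_policy(src, dst)


if __name__ == "__main__":
    for dst in ("192.168.122.217", "192.168.122.1", "8.8.8.8"):
        print(dst, trace(dst))
```

The /32 host route for 192.168.122.217 sends pings to the server out of the physical interface, which agrees with the tcpdump line in the post, while the metric-21 default route sends other destinations out of 10.1.0.1, outside the 192.168.122.0/24 selector.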