[TriLUG] Network Routing
Jon Carnes
jonc at nc.rr.com
Mon Sep 8 10:22:17 EDT 2003
Hmmm... What does your FreeSWAN configuration look like? It could be
that you've set it up to add routes incorrectly.
When you set up a VPN via FreeSWAN it has to set up a route that uses the
IPSec tunnel and points to the other end-point. In your testing it
looks like you are using your 112 box as a test endpoint. It could be
that you are using a FreeSWAN configuration that treats your host box as
though it only has one NIC (the internal one).
Folks often have a harder time with the routing than they do with
setting up the IPSec tunnel.
ASIDE: I highly recommend OpenBSD for this type of application. Not
only does it do IPSec natively (so you don't have to mess with
FreeSWAN), but it also comes with several "canned" scripts that work
great in multiple situations. The kind of problem you are having above
would be very rare in OpenBSD.
You can search the archives from last year and you should find a fairly
complete writeup of HowTo install OpenBSD and set it up for an IPSec
VPN.
Good Luck - Jon Carnes
On Mon, 2003-09-08 at 09:51, Jason Purdy wrote:
> I need some help in figuring out some networking "stuff" - I have a
> Debian Linux server with two NIC's, one hooked up to the internal switch
> and the other hooked to a switch that splits out our (fractured) T-1.
> I'm also in the middle of an ipsec (FreeS/WAN) install, which may be
> messing things up.
>
> I can ping our internal network just fine. When I ping up our internet,
> I start to see duplicating bouncebacks:
>
> # ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1): 56 data bytes
> 64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=4.1 ms
>
> # ping ###.###.###.113
> PING ###.###.###.113 (###.###.###.113): 56 data bytes
> 64 bytes from ###.###.###.113: icmp_seq=0 ttl=254 time=0.6 ms
> 64 bytes from ###.###.###.113: icmp_seq=1 ttl=254 time=0.6 ms
>
> # ping ###.###.###.112
> PING ###.###.###.112 (###.###.###.112): 56 data bytes
> 64 bytes from ###.###.###.115: icmp_seq=0 ttl=255 time=0.0 ms
> 64 bytes from ###.###.###.116: icmp_seq=0 ttl=255 time=0.2 ms (DUP!)
> 64 bytes from ###.###.###.113: icmp_seq=0 ttl=254 time=0.8 ms (DUP!)
>
> # route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> ###.###.###.112 * 255.255.255.248 U 0 0 0 eth1
> ###.###.###.112 * 255.255.255.248 U 0 0 0 ipsec1
> 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
> 192.168.0.0 * 255.255.255.0 U 0 0 0 ipsec0
> default ###.###.###.113 0.0.0.0 UG 0 0 0 eth1
> default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
>
> So now I cannot ping any external IP #'s:
> # ping 152.2.25.2
> PING 152.2.25.2 (152.2.25.2): 56 data bytes
>
> --- 152.2.25.2 ping statistics ---
> 150 packets transmitted, 0 packets received, 100% packet loss
>
> Ifconfig output below...
>
> I'm not sure what this all means. Can someone point me in the right
> direction?
>
> Thanks,
>
> Jason
>
> PS: I #'d out the IP addresses not b/c I don't trust you guys ... more
> like the harvesters on the Web access to our mailing list.
>
> PSS: ifconfig output:
>
> # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:07:E9:80:86:FE
> inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
> RX packets:2213406 errors:0 dropped:0 overruns:0 frame:0
> TX packets:232004 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:216728147 (206.6 MiB) TX bytes:98403841 (93.8 MiB)
>
> eth1 Link encap:Ethernet HWaddr 00:01:53:80:F0:08
> inet addr:###.###.###.115 Bcast:###.###.###.255 Mask:255.255.255.248
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:198033 errors:0 dropped:0 overruns:0 frame:0
> TX packets:71754 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:48310063 (46.0 MiB) TX bytes:7403565 (7.0 MiB)
>
> ipsec0 Link encap:Ethernet HWaddr 00:07:E9:80:86:FE
> inet addr:192.168.0.12 Mask:255.255.255.0
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> ipsec1 Link encap:Ethernet HWaddr 00:01:53:80:F0:08
> inet addr:###.###.###.115 Mask:255.255.255.248
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:449 errors:0 dropped:0 overruns:0 frame:0
> TX packets:449 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> RX bytes:35992 (35.1 KiB) TX bytes:35992 (35.1 KiB)
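The routing table Jason posted has every prefix listed twice (once on an ethN device and once on the matching ipsecN device) plus two default gateways, which is the kind of misconfiguration Jon's reply points at. The following script is an added example, not code from the original thread or from FreeS/WAN: it parses `route` output and reports any prefix reachable through more than one interface. The sample table is constructed to mirror the one above, with the masked public prefix replaced by the documentation range 203.0.113.0/29.

```python
"""Flag overlapping kernel routes like those in the thread above (added example)."""
from collections import defaultdict

# Constructed sample in the same layout as the `route` output in the post;
# 203.0.113.x stands in for the masked ###.###.###.x addresses.
SAMPLE_ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.112   *               255.255.255.248 U     0      0        0 eth1
203.0.113.112   *               255.255.255.248 U     0      0        0 ipsec1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 ipsec0
default         203.0.113.113   0.0.0.0         UG    0      0        0 eth1
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_table(text):
    """Return (destination, gateway, genmask, flags, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner and the column header; data rows have 8 columns.
        if len(parts) != 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, flags = parts[:4]
        routes.append((dest, gw, mask, flags, parts[7]))
    return routes


def find_route_conflicts(routes):
    """Map each prefix that is reachable via more than one interface to the
    sorted list of those interfaces.  A prefix on both ethN and ipsecN, or
    two default routes, is what produced the DUP! replies and the dead
    Internet path in the thread.  Works for both `route` and `route -n`."""
    by_prefix = defaultdict(list)
    for dest, gw, mask, flags, iface in routes:
        by_prefix[(dest, mask)].append(iface)
    conflicts = {}
    for (dest, mask), ifaces in by_prefix.items():
        unique = sorted(set(ifaces))
        if len(unique) > 1:
            label = "default" if dest in ("default", "0.0.0.0") else f"{dest}/{mask}"
            conflicts[label] = unique
    return conflicts


if __name__ == "__main__":
    for prefix, ifaces in find_route_conflicts(parse_route_table(SAMPLE_ROUTE_TABLE)).items():
        print(f"{prefix}: reachable via {', '.join(ifaces)}")
```

Run it against real output with `route | python3 check_routes.py`-style piping by replacing the sample string with `sys.stdin.read()`; an empty result means each prefix has exactly one egress interface.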