LinuxQuestions.org
Old 04-06-2007, 03:28 PM   #1
MikeOfAustin
Member
 
Registered: Apr 2007
Location: texas
Distribution: mandriva 2007.0 / edgy
Posts: 63

Rep: Reputation: 15
VPN client - destination unreachable, all else good (New install).


Hi all. I usually google my problem before I bother others with them, and this is probably on its 4th day of trying to debug, and I simply can't take it anymore (no hair left). Also, I'm fairly new to this, so I must apologize ahead of time, if this is a n00b thing (and I hope it is).

A new install of Mandriva (2007.0). Everything works great.

I've installed a ci$co VPN client (and am using the profile supplied by my work). When I start VPN, I get a tunnel, I'm assigned a client address IP of 10.1.15.*, and I can see the server address,

ie;
Code:
Your VPN connection is secure.
VPN tunnel information.
Client address: 10.1.15.6
Server address: 64.128.24.7
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000 
Local LAN Access is disabled
but when I try to ping anyone in that same area 10.1.15.*, I get

" From 10.1.15.6 icmp_seq=1 Destination Host Unreachable "

Now, this is ONLY in that area. I can still go everywhere else on the internet, just not in this group (I know there are multiple systems in this group).

Is this a firewall configuration thing? A NAT configuration thing? To my knowledge, I have not configured ANYTHING on the new install yet (it's all default, so firewall, etc is default).


Here are my goodies;

PHP Code:
[name-hidden@adsl-71-145-143-67 /]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
vpnaustin.sigma adsl-71-145-143 255.255.255.255 UGH       0 0          0 eth0
192.168.100.0   10.1.15.6       255.255.255.0   UG        0 0          0 cipsec0
172.16.100.0    10.1.15.6       255.255.255.0   UG        0 0          0 cipsec0
71.145.143.0    *               255.255.255.0   U         0 0          0 eth0
10.1.0.0        *               255.255.240.0   U         0 0          0 cipsec0
10.2.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.35.0.0       10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.3.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.1.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.6.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.7.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.4.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.20.0.0       10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.5.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.254.0.0      10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.9.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
default         adsl-71-145-143 0.0.0.0         UG        0 0          0 eth0
ifconfig;

PHP Code:
cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
          inet addr:10.1.15.6  Mask:255.255.240.0
          inet6 addr: fe80::20b:fcff:fef8:18f/64 Scope:Link
          UP RUNNING NOARP  MTU:1356  Metric:1
          RX packets:144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:742 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16744 (16.3 KiB)  TX bytes:(0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0D:61:06:6C:76
          inet addr:71.145.143.67  Bcast:71.145.143.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:61ff:fe06:6c76/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33776 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13572390 (12.9 MiB)  TX bytes:3280497 (3.1 MiB)
          Interrupt:17 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:49758 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49758 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:
          RX bytes:4423952 (4.2 MiB)  TX bytes:4423952 (4.2 MiB
(FWIW, you can see that cipsec0 has dropped all TX packets.)

A look into my resolv.conf yields; (why the redundant nameserver?)

PHP Code:
domain sigmatel.com
nameserver 192.168.0.1
nameserver 192.168.0.1
search sigmatel.com dsl.austtx.sbcglobal.net

I'm not getting a lot of support from work, as they are all xp guys.

Thanks,
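
Added example, not part of the original post: a short Python check that runs a longest-prefix route lookup over a subset of the routing table posted above and reads the TX counters from the posted ifconfig output. It shows that a 10.1.15.* destination matches the directly connected 255.255.240.0 route on cipsec0, and that cipsec0 has dropped packets without sending any. The function names are hypothetical and the embedded data is copied from the post.

```python
import ipaddress
import re

# Subset of the netstat -r output from the post: network, gateway, mask, iface.
# "*" marks a directly connected network (no gateway).
ROUTES = """\
10.1.0.0 * 255.255.240.0 cipsec0
10.1.0.0 10.1.15.6 255.255.0.0 cipsec0
10.2.0.0 10.1.15.6 255.255.0.0 cipsec0
71.145.143.0 * 255.255.255.0 eth0
0.0.0.0 adsl-71-145-143 0.0.0.0 eth0
"""

# Interface header and TX counter lines from the ifconfig output in the post.
IFCONFIG = """\
cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
          TX packets:0 errors:0 dropped:742 overruns:0 carrier:0
eth0      Link encap:Ethernet  HWaddr 00:0D:61:06:6C:76
          TX packets:38043 errors:0 dropped:0 overruns:0 carrier:0
"""

def lookup(dest, routes=ROUTES):
    """Longest-prefix match: return (network, gateway, iface) or None."""
    best = None
    addr = ipaddress.ip_address(dest)
    for line in routes.splitlines():
        net, gw, mask, iface = line.split()
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    return best

def tx_stats(text=IFCONFIG):
    """Return {iface: (tx_packets, tx_dropped)} from ifconfig-style output."""
    stats, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a new interface
            iface = line.split()[0]
        m = re.search(r"TX packets:(\d+).*?dropped:(\d+)", line)
        if m and iface:
            stats[iface] = (int(m.group(1)), int(m.group(2)))
    return stats

def blackholed(text=IFCONFIG):
    """Interfaces that dropped packets without transmitting a single one."""
    return [i for i, (tx, drop) in tx_stats(text).items() if tx == 0 and drop > 0]

if __name__ == "__main__":
    net, gw, iface = lookup("10.1.15.20")
    print(f"10.1.15.20 -> {net} gateway {gw} dev {iface}")
    print("interfaces dropping all TX:", blackholed())
```
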

 
Old 04-07-2007, 04:46 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963
i admit i've not tried doing that, but there's no reason i would expect this to actually work. obviously your ability to reach the other vpn users is wholly dependent on the peer device, your vpn concentrator, asa / pix firewall etc... nothing you should be able to have any influence over. by default a pix firewall either won't or can't (version dependent) allow identical interfaces to talk to each other, so it's not your fault.

btw, i prefer using vpnc instead of cisco's own client, apparently slightly less featureful, but a lot lot simpler and nicer to use, assuming you can convert the profile you've been given to the vpnc format config.
 
Old 04-07-2007, 07:49 PM   #3
MikeOfAustin
Member
 
Registered: Apr 2007
Location: texas
Distribution: mandriva 2007.0 / edgy
Posts: 63

Original Poster
Rep: Reputation: 15
Well... I don't quite believe it, but I got it working by 'enabling' the firewall. I thought the firewall wasn't enabled / letting everything go by, but I guess I was wrong.

strange!!

In case anyone else has this problem... my configuration was set up correctly, I just needed to enable the firewall.

Now for my next networking problem (I'll need to start a new thread ... it's an sshd problem).
 
  

