Hi there, first post but long time lurker.
I am in the middle of configuring a site-to-site VPN tunnel between my CentOS server and my SonicWall PRO 3060.
The CentOS server has 2 NICs and has the basics configured using Webmin to be used as a router/firewall. I have also set up Openswan on the server to make a site-to-site VPN tunnel. eth0 is for the LAN subnet and eth1 is for the public network.
The tunnel shows connected and I can ping the internal IP of the CentOS server from the SonicWall; however, I cannot ping any hosts on the internal subnet of the SonicWall. I'm positive it's not a rule on the SonicWall that is stopping this.
I've run a traceroute from the CentOS server to the private subnet of the SonicWall (192.168.168.0/24) and it looks like traffic is not going out of the VPN tunnel. My traceroute shows replies from routers on the public network, which means that it does not know the SonicWall private subnet is through the VPN tunnel.
I would really appreciate any help as this is my first encounter with Webmin/OpenSwan and I really need to get this running.
My ipsec.conf file:
Code:
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug only affects the KLIPS stack; with protostack=netkey it has no effect.
    # plutodebug=all is very verbose; "control parsing" is a narrower choice.
    klipsdebug=all
    plutodebug=all
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomme$
include /etc/ipsec.d/*.conf
My /etc/ipsec.d/peer1.conf file:
Code:
conn peer1
    type=tunnel
    # auto=add only loads the conn at startup; it is brought up with
    # "ipsec auto --up peer1" (auto=start would also initiate it)
    auto=add
    auth=esp
    pfs=no
    authby=secret
    keyingtries=0
    left=public_ip
    leftid=public_ip
    # With NETKEY only packets whose source address lies in leftsubnet match
    # the tunnel policy; traffic the server itself sends from its eth1 public
    # address is not in this subnet and follows the normal routing table.
    leftsubnet=172.24.144.0/25
    right=sonicwall_public_ip
    rightsubnet=192.168.168.0/24
    rightid=sonicwall_public_ip
    esp=aes128-sha1
    keyexchange=ike
    ike=aes128-sha1
    # Aggressive mode with a PSK exposes a hash of the secret to offline
    # guessing; prefer main mode (aggrmode=no) if the SonicWall supports it.
    aggrmode=yes
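As an added example (not from the original post or from Openswan itself), here is a small script that reproduces how the NETKEY kernel policy decides whether a packet is sent into the tunnel. It parses a constructed sample of `ip xfrm policy show` output for the conn above and reports which policy, if any, covers a given flow. The public endpoint addresses 203.0.113.10 (CentOS eth1) and 198.51.100.20 (SonicWall), the LAN host 172.24.144.10, and the priority and reqid values are all assumed placeholders.

```python
"""Check whether a packet's (src, dst) would match a NETKEY/xfrm IPsec policy.

Added example for this thread (not from the original post or from Openswan):
it parses sample output of `ip xfrm policy show` and reports which policy,
if any, applies to a given flow. The addresses below are constructed
(RFC 5737 documentation ranges for the public IPs) and are assumptions.
"""
import ipaddress
import re

# Constructed sample of `ip xfrm policy show` for conn peer1, with assumed
# public endpoints 203.0.113.10 (CentOS eth1) and 198.51.100.20 (SonicWall).
SAMPLE_XFRM_POLICY = """\
src 172.24.144.0/25 dst 192.168.168.0/24
	dir out priority 2344
	tmpl src 203.0.113.10 dst 198.51.100.20
		proto esp reqid 16385 mode tunnel
src 192.168.168.0/24 dst 172.24.144.0/25
	dir in priority 2344
	tmpl src 198.51.100.20 dst 203.0.113.10
		proto esp reqid 16385 mode tunnel
src 192.168.168.0/24 dst 172.24.144.0/25
	dir fwd priority 2344
	tmpl src 198.51.100.20 dst 203.0.113.10
		proto esp reqid 16385 mode tunnel
"""

POLICY_RE = re.compile(r"^src (\S+) dst (\S+)\s*$")
DIR_RE = re.compile(r"^\s*dir (\w+) priority (\d+)")
TMPL_RE = re.compile(r"^\s*tmpl src (\S+) dst (\S+)")


def parse_xfrm_policies(text):
    """Return a list of dicts: src, dst (networks), dir, priority, peer_src, peer_dst."""
    policies = []
    cur = None
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            cur = {"src": ipaddress.ip_network(m.group(1)),
                   "dst": ipaddress.ip_network(m.group(2)),
                   "dir": None, "priority": None,
                   "peer_src": None, "peer_dst": None}
            policies.append(cur)
            continue
        if cur is None:
            continue
        m = DIR_RE.match(line)
        if m:
            cur["dir"] = m.group(1)
            cur["priority"] = int(m.group(2))
            continue
        m = TMPL_RE.match(line)
        if m:
            cur["peer_src"] = ipaddress.ip_address(m.group(1))
            cur["peer_dst"] = ipaddress.ip_address(m.group(2))
    return policies


def matching_policy(policies, src_ip, dst_ip, direction="out"):
    """Return the policy covering src_ip -> dst_ip in the given direction, or None.

    The kernel matches on the selector subnets only; the lowest priority
    value wins when several policies cover the same flow.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    candidates = [p for p in policies
                  if p["dir"] == direction and src in p["src"] and dst in p["dst"]]
    if not candidates:
        return None
    return min(candidates, key=lambda p: p["priority"])


def explain_flow(policies, src_ip, dst_ip):
    """Human-readable verdict for a packet leaving this host."""
    p = matching_policy(policies, src_ip, dst_ip, "out")
    if p is None:
        return (f"{src_ip} -> {dst_ip}: no xfrm 'out' policy; the packet follows "
                f"the normal routing table in cleartext")
    return (f"{src_ip} -> {dst_ip}: ESP tunnel {p['peer_src']} -> {p['peer_dst']} "
            f"(selector {p['src']} -> {p['dst']})")


if __name__ == "__main__":
    pols = parse_xfrm_policies(SAMPLE_XFRM_POLICY)
    # A LAN host behind eth0 (assumed 172.24.144.10) reaching the remote LAN.
    print(explain_flow(pols, "172.24.144.10", "192.168.168.1"))
    # The same destination, but sourced from the server's own public address.
    print(explain_flow(pols, "203.0.113.10", "192.168.168.1"))
```

On a real NETKEY box the policies come from `ip xfrm policy show` once the conn is up, and the same selector logic applies: a ping or traceroute run on the gateway itself is sourced from the egress interface's public address unless you pick a LAN source explicitly (for example `ping -I 172.24.144.1 192.168.168.1`, or the Openswan `leftsourceip=` conn option), so its packets never match the `172.24.144.0/25 -> 192.168.168.0/24` policy.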