LinuxQuestions.org
Old 02-21-2010, 02:31 AM   #1
pacmantravis
One Way Communication in CentOS/OpenSwan to Sonicwall VPN


Hi there, first post but long time lurker.

I am in the middle of configuring a site-to-site VPN tunnel between my CentOS server and my sonicwall pro3060.

The CentOS server has 2 NICs and has the basics configured using Webmin to be used as a router/firewall. I have also set up Openswan on the server to make a site-to-site VPN tunnel. eth0 is for the LAN subnet and eth1 is for the public network.

The tunnel shows connected and I can ping the internal IP of the CentOS server from the sonicwall; however, I cannot ping any hosts on the internal subnet of the sonicwall. I'm positive it's not a rule on the sonicwall that is stopping this.

I've run a traceroute from the CentOS server to the private subnet of the sonicwall (192.168.168.0/24) and it looks like traffic is not going out of the VPN tunnel. My traceroute shows replies from routers on the public network...which means that it does not know the sonicwall private subnet is through the VPN tunnel.

I would really appreciate any help as this is my first encounter with Webmin/OpenSwan and I really need to get this running.

My ipsec.conf file

Code:
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.

        klipsdebug=all
        plutodebug=all
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomme$
include /etc/ipsec.d/*.conf

My /etc/ipsec.d/peer1.conf file

Code:
conn peer1
        type=tunnel
        auto=add
        auth=esp
        pfs=no
        authby=secret
        keyingtries=0
        left=public_ip
        leftid=public_ip
        leftsubnet=172.24.144.0/25
        right=sonicwall_public_ip
        rightsubnet=192.168.168.0/24
        rightid=sonicwall_public_ip
        esp=aes128-sha1
        keyexchange=ike
        ike=aes128-sha1
        aggrmode=yes

Last edited by pacmantravis; 02-21-2010 at 02:33 AM.
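
The traceroute symptom described in the post can be checked against the tunnel's traffic selectors. The following is an added example, not part of the original post: it parses `leftsubnet`/`rightsubnet` from a conn section and reports whether a given source/destination pair is covered, since with `protostack=netkey` only packets matching both subnets are sent through the tunnel. The addresses 203.0.113.10, 172.24.144.1, 172.24.144.200 and 192.168.168.10 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed copy of the selector lines from the peer1.conf posted above.
PEER1_CONF = """\
conn peer1
        type=tunnel
        leftsubnet=172.24.144.0/25
        rightsubnet=192.168.168.0/24
"""

def parse_selectors(conf_text):
    """Return {conn_name: (leftsubnet, rightsubnet)} for each conn section."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("conn "):
            current = sections.setdefault(line.split()[1], {})
        elif line.startswith("config "):
            current = None                        # "config setup" has no selectors
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return {name: (ipaddress.ip_network(o["leftsubnet"]),
                   ipaddress.ip_network(o["rightsubnet"]))
            for name, o in sections.items()
            if "leftsubnet" in o and "rightsubnet" in o}

def tunneled(conns, src, dst):
    """Name of the conn whose selectors cover src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, (left, right) in conns.items():
        if s in left and d in right:
            return name
    return None                                   # no match: routed in the clear

if __name__ == "__main__":
    conns = parse_selectors(PEER1_CONF)
    for src in ("172.24.144.1",     # address inside leftsubnet
                "203.0.113.10",     # placeholder for the gateway's public IP
                "172.24.144.200"):  # outside the /25 (covers .0 to .127)
        print(src, "->", tunneled(conns, src, "192.168.168.10"))
```

On the gateway itself, the source address a packet would actually use can be compared against this result with `ip route get 192.168.168.10`.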