ping: sendmsg: Operation not permitted
Hi everyone,
I am trying to set up a VPN between two branches. Branch A is on subnet 192.168.0.0/24 and branch B is on subnet 10.0.0.0/8. I am using Juniper IPSEC VPN concentrators on both sides. I have no control over the VPN terminator in branch B; I have only been given the parameters.

A test machine in branch B with IP 10.0.0.1 has been set up with a static route pointing to the VPN terminator on the branch B LAN. I have set up a test machine on the branch A LAN with IP address 192.168.0.2 and a static route directing all traffic destined for 10.0.0.0/8 to the internal interface of the VPN terminator, 192.168.0.253.

Now here is where it gets a bit sticky. Branch A is located in another country, so I am logged in via SSH to a second interface on the test machine. This interface is on a public IP.

Here is ifconfig:
===================================
eth0      Link encap:Ethernet  HWaddr 00:02:44:9C:63:1B
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::202:44ff:fe9c:631b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24327733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19821600 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3429279278 (3270.4 Mb)  TX bytes:4132813808 (3941.3 Mb)
          Interrupt:193 Base address:0x4400

eth1      Link encap:Ethernet  HWaddr 00:0E:7F:B0:07:54
          inet addr:207.x.x.x  Bcast:207.x.x.x  Mask:255.255.255.224
          inet6 addr: fe80::20e:7fff:feb0:754/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14669413 errors:1 dropped:0 overruns:0 frame:0
          TX packets:13243137 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3131123896 (2986.0 Mb)  TX bytes:2699259384 (2574.2 Mb)
          Interrupt:201

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:42630 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3386915 (3.2 Mb)  TX bytes:3386915 (3.2 Mb)
===========================================================================

And here is route -n:
============================================================================
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
207.x.x.x       0.0.0.0         255.255.255.224 U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        192.168.0.253   255.0.0.0       UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         207.x.x.x       0.0.0.0         UG    0      0        0 eth1
==============================================================================

I can see the internal interface of the VPN terminator:
==============================================================================
PING 192.168.0.253 (192.168.0.253) 56(84) bytes of data.
64 bytes from 192.168.0.253: icmp_seq=1 ttl=64 time=3.71 ms
==============================================================================

But when I try to ping the test machine at branch B, I get this error:
=============================================================================
From 192.168.0.2 icmp_seq=7 Destination Host Unreachable
ping: sendmsg: Operation not permitted
==============================================================================

My iptables allow ICMP originating from this host because I can ping to the private and public network.

Now the question is: is this ping error a result of incorrect route configuration, iow, originating from my test machine, or is it because of VPN misconfiguration, iow, originating from the VPN terminator?

Thanks
kholloi