LinuxQuestions.org

MikeOfAustin 04-06-2007 03:28 PM

VPN client - destination unreachable, all else good (New install).
 
Hi all. I usually google my problem before I bother others with them, and this is probably on its 4th day of trying to debug, and I simply can't take it anymore (no hair left). Also, I'm fairly new to this, so I must apologize ahead of time, if this is a n00b thing (and I hope it is).

A new install of Mandriva (2007.0). Everything works great.

I've installed a ci$co VPN client (and am using the profile supplied by my work). When I start VPN, I get a tunnel, I'm assigned a client address IP of 10.1.15.*, and I can see the server address,

ie;
Code:

Your VPN connection is secure.
VPN tunnel information.
Client address: 10.1.15.6
Server address: 64.128.24.7
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled

but when I try to ping anyone in that same area 10.1.15.*, I get

" From 10.1.15.6 icmp_seq=1 Destination Host Unreachable "

Now, this is ONLY in that area. I can still go everywhere else on the internet, just not in this group (I know there are multiple systems in this group).

Is this a firewall configuration thing? A NAT configuration thing? To my knowledge, I have not configured ANYTHING on the new install yet (it's all default, so firewall, etc is default).


Here are my goodies;

PHP Code:

[name-hidden@adsl-71-145-143-67 /]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
vpnaustin.sigma adsl-71-145-143 255.255.255.255 UGH       0 0          0 eth0
192.168.100.0   10.1.15.6       255.255.255.0   UG        0 0          0 cipsec0
172.16.100.0    10.1.15.6       255.255.255.0   UG        0 0          0 cipsec0
71.145.143.0    *               255.255.255.0   U         0 0          0 eth0
10.1.0.0        *               255.255.240.0   U         0 0          0 cipsec0
10.2.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.35.0.0       10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.3.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.1.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.6.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.7.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.4.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.20.0.0       10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.5.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.254.0.0      10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
10.9.0.0        10.1.15.6       255.255.0.0     UG        0 0          0 cipsec0
default         adsl-71-145-143 0.0.0.0         UG        0 0          0 eth0

ifconfig;

PHP Code:

cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
          inet addr:10.1.15.6  Mask:255.255.240.0
          inet6 addr: fe80::20b:fcff:fef8:18f/64 Scope:Link
          UP RUNNING NOARP  MTU:1356  Metric:1
          RX packets:144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:742 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16744 (16.3 KiB)  TX bytes:(0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0D:61:06:6C:76
          inet addr:71.145.143.67  Bcast:71.145.143.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:61ff:fe06:6c76/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33776 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13572390 (12.9 MiB)  TX bytes:3280497 (3.1 MiB)
          Interrupt:17 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:49758 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49758 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:
          RX bytes:4423952 (4.2 MiB)  TX bytes:4423952 (4.2 MiB

(FWIW, you can see that cipsec0 has dropped all TX packets.)

A look into my resolv.conf yields; (why the redundant nameserver?)

PHP Code:

domain sigmatel.com
nameserver 192.168.0.1
nameserver 192.168.0.1
search sigmatel.com dsl.austtx.sbcglobal.net


I'm not getting a lot of support from work, as they are all xp guys.

Thanks,


acid_kewpie 04-07-2007 04:46 PM

i admit i've not tried doing that, but there's no reason i would expect this to actually work. obviously your ability to reach the other vpn users is wholly dependent on the peer device, your vpn concentrator, asa / pix firewall etc... nothing you should be able to have any influence over. by default a pix firewall either won't or can't (version dependent) allow identical interfaces to talk to each other, so it's not your fault.

btw, i prefer using vpnc instead of cisco's own client, apparently slightly less featureful, but a lot lot simpler and nicer to use, assuming you can convert the profile you've been given to the vpnc format config.

MikeOfAustin 04-07-2007 07:49 PM

Well... I don't quite believe it, but I got it working by 'enabling' the firewall. I thought the firewall wasn't enabled / letting everything go by, but I guess I was wrong.

strange!!

In case anyone else has this problem... my configuration was set up correctly, I just needed to enable the firewall.

Now for my next networking problem (I'll need to start a new thread ... it's an sshd problem).
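
An added example, not part of any post in this thread: a longest-prefix-match lookup over routes transcribed from the `netstat -r` output in the first post, showing which entry a 10.1.15.* destination selects. The route subset, the function names and the sample destinations are choices made for this example.

```python
import ipaddress

# Subset of the routing table from the first post, transcribed as
# "destination gateway genmask iface"; "*" means directly connected.
# The vpnaustin host route is left out because its name is truncated there.
ROUTES = """\
192.168.100.0 10.1.15.6 255.255.255.0 cipsec0
71.145.143.0 * 255.255.255.0 eth0
10.1.0.0 * 255.255.240.0 cipsec0
10.2.0.0 10.1.15.6 255.255.0.0 cipsec0
10.1.0.0 10.1.15.6 255.255.0.0 cipsec0
default adsl-71-145-143 0.0.0.0 eth0
"""


def parse_routes(text):
    """Return a list of (network, gateway_or_None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gateway, mask, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, None if gateway == "*" else gateway, iface))
    return routes


def lookup(routes, target):
    """Pick the matching route with the longest prefix, as the kernel does."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def describe(routes, target):
    """One-line summary of how a destination would be forwarded."""
    network, gateway, iface = lookup(routes, target)
    hop = f"via {gateway}" if gateway else "on-link (no gateway)"
    return f"{target}: {network} {hop} dev {iface}"


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations: a VPN peer, another 10.1 host,
    # a routed office subnet and a public (documentation-range) address.
    for dst in ("10.1.15.20", "10.1.200.1", "192.168.100.5", "198.51.100.1"):
        print(describe(table, dst))
```

The 10.1.15.* peers fall inside the directly connected 10.1.0.0/20 entry, which wins over the 10.1.0.0/16 route through 10.1.15.6, so pings to them are handed straight to cipsec0, the interface whose TX counter shows only drops.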


All times are GMT -5.