Showing posts with label VPN. Show all posts

Friday, January 21, 2011

Ubuntu Shrew(IKE) Soft VPN client IPsec

SkyHi @ Friday, January 21, 2011
#sudo apt-get install ike

Note:
Most Linux systems require the following change to the system settings before they will work with the Shrew Soft VPN Client. Reverse path filtering (rp_filter) makes the kernel drop a packet that arrives on one interface when the route back to the packet's source address points at a different interface; without the sysctl change below, that check discards the VPN client's traffic. Be aware that rp_filter=0 also switches off the kernel's source-address anti-spoofing check on every interface; on kernels 2.6.31 and later, loose mode (rp_filter=2, which only requires that the source be reachable via some interface) is a less drastic setting worth trying first.

1. Use a text editor to edit (as root) /etc/sysctl.conf
2. Change the following entries from 1 to 0 (if these values are not defined you will need to add them in order to override the default setting of 1).

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

3. Use a text editor to edit (as root) /etc/sysctl.d/10-network-security.conf

4. Change the following entries from 1 to 0 (if these values are not defined you will need to add them in order to override the default setting of 1). On Ubuntu this file is loaded after /etc/sysctl.conf, so a value of 1 left here would win.

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

5. Reboot (or run "sudo sysctl -p /etc/sysctl.d/10-network-security.conf" to apply the file without rebooting).

6. Execute the following command to confirm that the change has taken effect. Check every per-interface line, not just "all" and "default": the kernel applies the larger of the "all" value and the interface's own value, so an interface still at 1 keeps filtering.
sysctl -a | egrep rp_filter | egrep -v arp
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
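To do steps 1 to 6 from a script, the following added example (not from the Shrew Soft document or the ike package) builds the override text and parses sysctl output for interfaces that still reverse-path-filter. The sample sysctl output is constructed for the example, and the check against the live kernel is only run when the script is executed directly.

```python
"""Added example (not part of the Shrew Soft instructions): build the sysctl.d
override for rp_filter and check sysctl output for interfaces that still
reverse-path-filter. The sample output below is constructed, not captured."""
import re
import subprocess

# Matches "net.ipv4.conf.<iface>.rp_filter = N"; arp_filter keys do not match.
RP_FILTER_LINE = re.compile(r"\s*(net\.ipv4\.conf\.\S+\.rp_filter)\s*=\s*(\d+)")


def rp_filter_conf(value=0):
    """Text for /etc/sysctl.d/10-network-security.conf (or sysctl.conf).
    0 switches the check off as the post does; 2 is loose mode (kernels 2.6.31+),
    which only requires that some interface can route back to the source."""
    if value not in (0, 1, 2):
        raise ValueError("rp_filter takes 0, 1 or 2")
    return (f"net.ipv4.conf.default.rp_filter={value}\n"
            f"net.ipv4.conf.all.rp_filter={value}\n")


def rp_filter_violations(sysctl_output, want=0):
    """Return the rp_filter keys whose value differs from `want`.
    Per-interface keys matter: the kernel uses max(all, interface), so 'all'
    and 'default' at 0 do not help if an interface key is still 1."""
    bad = []
    for line in sysctl_output.splitlines():
        m = RP_FILTER_LINE.match(line)
        if m and int(m.group(2)) != want:
            bad.append(m.group(1))
    return bad


def check_live(want=0):
    """Run the real 'sysctl -a' (step 6) and return the offending keys."""
    out = subprocess.run(["sysctl", "-a"], capture_output=True, text=True,
                         check=False).stdout
    return rp_filter_violations(out, want)


# Constructed sample in the shape of "sysctl -a | egrep rp_filter | egrep -v arp"
# on a host where eth0 was set back to 1 after the files were edited.
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.all.arp_filter = 1
"""

if __name__ == "__main__":
    print(rp_filter_conf(), end="")
    print("still filtering (sample):", rp_filter_violations(SAMPLE_SYSCTL))
    # prints: still filtering (sample): ['net.ipv4.conf.eth0.rp_filter']
    print("still filtering (this host):", check_live())
```

Write the output of rp_filter_conf() to the sysctl.d file as root, apply it, and then expect check_live() to return an empty list; any key it returns is an interface that will still drop the VPN client's packets.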


REFERENCES
ShrewSoftVPN_LinuxInstall.pdf

Thursday, January 20, 2011

VPN client can't access a multihomed computer without a gateway or return route

SkyHi @ Thursday, January 20, 2011
Situation: a multihomed computer has one NIC connected to a DMZ (172.254.2.0/24) with a default gateway, and a second NIC connected to the LAN (10.0.0.0/16) without a gateway. A user who establishes a VPN connection (client addresses in 192.168.198.0/24) can reach the LAN but not this multihomed computer, because the LAN NIC has no gateway and therefore no return route to the VPN client subnet. Below are the output of ipconfig and the routing table.
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.0.106
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.254.2.66
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.254.2.251 
route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
eduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    172.254.2.251    172.254.2.66       20
         10.0.0.0      255.255.0.0       10.0.0.106      10.0.0.106       20
       10.0.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      172.254.2.0    255.255.255.0     172.254.2.66    172.254.2.66       20
     172.254.2.66  255.255.255.255        127.0.0.1       127.0.0.1       20
  172.254.255.255  255.255.255.255     172.254.2.66    172.254.2.66       20
        224.0.0.0        240.0.0.0       10.0.0.106      10.0.0.106       20
        224.0.0.0        240.0.0.0     172.254.2.66    172.254.2.66       20
  255.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       1
  255.255.255.255  255.255.255.255     172.254.2.66    172.254.2.66       1
Default Gateway:     172.254.2.251
===========================================================================
Persistent Routes:
  None
Solution: add a route on the multihomed computer so that it has a return route to the VPN client subnet. Without it, replies to 192.168.198.0/24 match only the 0.0.0.0 route and leave through the DMZ NIC via 172.254.2.251, so they never come back to the VPN client over the LAN. In our case the command is "route add 192.168.198.0 mask 255.255.255.0 10.0.0.2", where 10.0.0.2 is the LAN-side next hop that forwards traffic to the VPN clients. A route added this way is lost at reboot; use "route -p add 192.168.198.0 mask 255.255.255.0 10.0.0.2" to make it persistent. Below is the modified routing table.
route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
eduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    172.254.2.251    172.254.2.66       20
         10.0.0.0      255.255.0.0       10.0.0.106      10.0.0.106       20
       10.0.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      172.254.2.0    255.255.255.0     172.254.2.66    172.254.2.66       20
     172.254.2.66  255.255.255.255        127.0.0.1       127.0.0.1       20
  172.254.255.255  255.255.255.255     172.254.2.66    172.254.2.66       20
    192.168.198.0    255.255.255.0         10.0.0.2      10.0.0.106       1
        224.0.0.0        240.0.0.0       10.0.0.106      10.0.0.106       20
        224.0.0.0        240.0.0.0     172.254.2.66    172.254.2.66       20
  255.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       1
  255.255.255.255  255.255.255.255     172.254.2.66    172.254.2.66       1
Default Gateway:     172.254.2.251
===========================================================================
Persistent Routes:
  None
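As an added example (not code from the post or from the chicagotech page), the lookup below applies the longest-prefix rule that route selection follows to the two Active Routes tables above, showing which gateway and interface the host would use to answer a VPN client before and after the fix, and it prints the persistent form of the route command. The tables are transcribed from the post; the client address 192.168.198.10 is an assumption.

```python
"""Added example, not code from the post or from chicagotech: longest-prefix
route lookup over 'route print' Active Routes text, applied to the before and
after tables above. The VPN client address 192.168.198.10 is an assumption."""
import ipaddress

# Active Routes from the post, before the fix (transcribed; header omitted).
ROUTES_BEFORE = """\
          0.0.0.0          0.0.0.0    172.254.2.251    172.254.2.66       20
         10.0.0.0      255.255.0.0       10.0.0.106      10.0.0.106       20
       10.0.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      172.254.2.0    255.255.255.0     172.254.2.66    172.254.2.66       20
     172.254.2.66  255.255.255.255        127.0.0.1       127.0.0.1       20
        224.0.0.0        240.0.0.0       10.0.0.106      10.0.0.106       20
"""
# The row that "route add 192.168.198.0 mask 255.255.255.0 10.0.0.2" adds.
RETURN_ROUTE = "    192.168.198.0    255.255.255.0         10.0.0.2      10.0.0.106       1\n"


def parse_routes(text):
    """Parse 'destination netmask gateway interface metric' rows; other lines
    (headers, separators, the interface list) are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gw, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, ipaddress.ip_address(gw),
                           ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue
    return routes


def lookup(routes, dst):
    """Pick the most specific matching route (lowest metric breaks ties) and
    return (gateway, interface) as strings, or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface, metric in routes:
        if dst in net and (best is None or (net.prefixlen, -metric) > best[0]):
            best = ((net.prefixlen, -metric), gw, iface)
    return None if best is None else (str(best[1]), str(best[2]))


def persistent_return_route(client_net, next_hop):
    """The 'route -p add' form of the post's command, so the route survives a reboot."""
    net = ipaddress.ip_network(client_net)
    return f"route -p add {net.network_address} mask {net.netmask} {next_hop}"


if __name__ == "__main__":
    client = "192.168.198.10"
    print("before:", lookup(parse_routes(ROUTES_BEFORE), client))
    # before: ('172.254.2.251', '172.254.2.66')  -> reply leaves via the DMZ NIC
    print("after: ", lookup(parse_routes(ROUTES_BEFORE + RETURN_ROUTE), client))
    # after:  ('10.0.0.2', '10.0.0.106')         -> reply goes back over the LAN
    print(persistent_return_route("192.168.198.0/24", "10.0.0.2"))
```

Paste the Active Routes section of any multihomed host's "route print" into ROUTES_BEFORE to see where its replies to a given client subnet would go; a result that names the default gateway on the wrong NIC is the asymmetric-routing case the post describes.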
REFERENCES
http://www.chicagotech.net/VPN/vpnrouting1.htm