Hi David,

We have tested (extensively) what you want to do, and it works for us.

Are you using iOS 5.1?

Double check for typos, you want:
--
Push Network(s): 192.168.1.0/24
--

Are you using the "Ping Lite" app to test with? The ping there seems to work, but traceroute does not for me. So, your problem might be just a bad app.

When I was testing I used a web server in the local network and accessed it just fine with the iOS browser.

Further detail...

Tip, I prefer using the Remote IPv4 Base / Mask of 10.9.1.1 / 255.255.255.0 or something more odd-ball so as to be unique. The Remote IPv4 must be unique between remote and local networks.

If you still can't get it to work, look at the server logs with "Info" logging:

For me I have:
--
Push Network(s): 192.168.101.0/24
--

You should see the "no policy found, try to generate the policy" line:

Apr 26 21:51:33 pbx daemon.info racoon: INFO: respond new phase 2 negotiation: 10.10.50.62[500]<=>10.10.10.85[500]
Apr 26 21:51:33 pbx daemon.info racoon: INFO: no policy found, try to generate the policy : 10.9.1.1/32[0] 192.168.101.0/24[0] proto=any dir=in
Apr 26 21:51:33 pbx daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 10.10.50.62[500]->10.10.10.85[500] spi=163860196(0x9c44ee4)
Apr 26 21:51:33 pbx daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 10.10.50.62[500]->10.10.10.85[500] spi=249302327(0xedc0d37)

Then if I delete "Push Network(s)" and restart IPsec, I see the "no policy found, try to generate the policy" line:

Apr 26 22:09:22 pbx daemon.info racoon: INFO: respond new phase 2 negotiation: 10.10.50.62[500]<=>10.10.10.85[500]
Apr 26 22:09:22 pbx daemon.info racoon: INFO: no policy found, try to generate the policy : 10.9.1.1/32[0] 0.0.0.0/0[0] proto=any dir=in
Apr 26 22:09:22 pbx daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 10.10.50.62[500]->10.10.10.85[500] spi=94259665(0x59e49d1)
Apr 26 22:09:22 pbx daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 10.10.50.62[500]->10.10.10.85[500] spi=233833350(0xdf00386)

Lonnie

On Apr 26, 2012, at 8:05 PM, David Kerr wrote:

> Lonnie,
> I need some configuration help. I have my iPhone connecting to the VPN and
> it is working. However as noted in the documentation the iPhone is routing
> ALL traffic through the VPN, not just traffic to my internal network. I
> tried the Push Network(s) setting but it fails.
>
> My internal network is 192.168.1.xx
> I set remote IPv4 base to 192.168.2.1 and mask to 255.255.255.0
>
> If I leave the push network(s) blank then everything works, but all traffic
> goes through the VPN (traceroute [yes there is an app for that] starts with
> the external IP address of the astlinux box).
>
> If I enter 192.168.1.0/24 into the Push Network(s) field then nothing routes
> to any 192.168.1.xx destination. Traceroute times out on the first hop. But
> traceroute to anywhere else works (without going through the astlinux box).
>
> Am I doing something wrong with the Push Network(s) setting?
>
> Thanks
> David

_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
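Added example, not part of the original message or of AstLinux: a small Python check that reads the racoon "try to generate the policy" lines discussed above and reports whether each negotiated policy covers only the pushed network or all traffic (0.0.0.0/0), and whether the client address falls inside the pushed network. The labels "split-tunnel" and "full-tunnel", the function name and the IPv4-only handling are assumptions of this example; the sample log is constructed from the two policy lines quoted in the message.

```python
import ipaddress
import re

# Constructed sample: the two policy lines quoted in the message above.
SAMPLE_LOG = """\
Apr 26 21:51:33 pbx daemon.info racoon: INFO: no policy found, try to generate the policy : 10.9.1.1/32[0] 192.168.101.0/24[0] proto=any dir=in
Apr 26 22:09:22 pbx daemon.info racoon: INFO: no policy found, try to generate the policy : 10.9.1.1/32[0] 0.0.0.0/0[0] proto=any dir=in
"""

# Matches the policy line format shown in the message: client, then network.
POLICY_RE = re.compile(
    r"racoon: INFO: no policy found, try to generate the policy : "
    r"(?P<client>\S+?)\[\d+\] (?P<network>\S+?)\[\d+\] "
    r"proto=(?P<proto>\S+) dir=(?P<dir>\S+)"
)


def classify_policies(log_text):
    """Return one dict per generated-policy line found in log_text."""
    results = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if not m:
            continue  # phase 2 / IPsec-SA lines carry no policy selector
        client = ipaddress.ip_network(m.group("client"), strict=False)
        network = ipaddress.ip_network(m.group("network"), strict=False)
        full = network.prefixlen == 0  # 0.0.0.0/0: no Push Network(s) in effect
        results.append({
            "client": str(client),
            "network": str(network),
            "mode": "full-tunnel" if full else "split-tunnel",
            # Client address inside the pushed network means the Remote IPv4
            # Base is not unique relative to the local network.
            "overlap": (not full) and client.overlaps(network),
        })
    return results


if __name__ == "__main__":
    for p in classify_policies(SAMPLE_LOG):
        flag = "  (client address overlaps pushed network)" if p["overlap"] else ""
        print(f'{p["client"]} -> {p["network"]}: {p["mode"]}{flag}')
```
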
