Richard Lyman scribbled on Thursday, March 02, 2006 9:23 PM:
> On 3/2/06, Brian Phillips <[EMAIL PROTECTED]> wrote:
>>
>> If I were you, I would set "Target networks" in my vpn config file.
>> The target networks would probably just be the subnet the MTC work
>> computer is on (I believe you said 10.10.xx.xx).
>>
>> Target networks 10.10.0.0/16
>>
>
> I hope I hadn't misled you. The IP of the gateway that my machine at
> work uses is 10.80.11.1
>
> The 'work' config file now has the following line added:
> Target networks 10.80.0.0/16
>
> I thought that for the MTC only the last part mattered... should I
> instead have placed something like:
> Target networks 10.80.11.0/24
> in there?

If it's only the last part, 10.80.11.0/24 would work just fine.

>
>> Then paste your route tables after connecting. You should then still
>> have a default route and gateway of 10.7.77.1, meaning you will have
>> all the previous functionality before the tunnel was created. You
>> should also notice a new route in your table with destination of
>> 10.10.0.0 subnet 255.255.0.0 and a gateway of PROBABLY the IPsec
>> gateway (128.187.34.xx).
>>
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 128.187.34.126  TMCB-U110-C-CR9 255.255.255.255 UGH   0      0        0 eth0
> 10.7.77.0       *               255.255.255.0   U     0      0        0 eth0
> 10.80.0.0       *               255.255.0.0     U     0      0        0 tun0
> default         TMCB-U110-C-CR9 0.0.0.0         UG    0      0        0 eth0
>
> I don't think that the default route or gateway were what you said
> they should be. Why does the Gateway column have '*'s for the two
> middle rows?

* means "no gateway". If there is no gateway, the kernel just decides to
cram all traffic that matches the destination and "Genmask" through the
interface listed (in this case tun0).

Doing a search on Google on the subject yields this page:
http://www.gentoo.org/doc/en/draft/vpnc-howto.xml

Yes, I know it's Gentoo, but the principles apply here. I wouldn't try
and follow their howto. You have all the basic components, it's just some
information you could use to educate you a little more and maybe in
following _lightly_ you might be able to see a piece of information we're
missing.

If you are trying to "ping 10.80.11.230" (assuming that's the IP of your
work machine) and it fails, then you have something else wrong. Your
tables are set up to give you all of your previous functionality, with the
addition of a tunnel to your work computer (there's nothing more wrong
with your tables that I can see). I would say that it's now a question of
"can a Windows Cisco VPN client make it from Wymount?" Is there something
wrong on the backend? Can tcpdump reveal what communication between you
and the tunnel is happening?

Brian

>
>> Try all of your pings again before and after connection (10.7.77.xx
>> address, 128.187.22.200 address, google.com, and <work ip>). Try
>> configuring your browser with the MTC proxy and accessing a webpage.
>>
>> Brian
>
> Pinging the addresses worked (Google was a bit slow) except the IP of
> my machine at work. I'll have to find time to get into work and get
> the browser set up - I don't remember it right now.
>
> Thanks for being so patient. I wish I knew more and could take care
> of this myself.
>
> -Rich
>
> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
>
> The opinions expressed in this message are the responsibility of
> their author. They are not endorsed by BYU, the BYU CS Department or
> BYU-UUG.
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
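
The route selection described in this message, as an added example that is not part of the original thread: it parses the routing table exactly as posted, applies longest-prefix matching to show which interface each destination leaves by, and lists what enters the tunnel so a split-tunnel setup can be checked. The function names and the address 192.0.2.10 (a constructed stand-in for an Internet host) are assumptions.

```python
import ipaddress

# Routing table as posted in the thread (`route` output, wrapped lines rejoined).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.187.34.126  TMCB-U110-C-CR9 255.255.255.255 UGH   0      0        0 eth0
10.7.77.0       *               255.255.255.0   U     0      0        0 eth0
10.80.0.0       *               255.255.0.0     U     0      0        0 tun0
default         TMCB-U110-C-CR9 0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Turn `route` output into dicts; '*' becomes gateway=None (on-link)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        # Genmask -> prefix length by counting set bits (0.0.0.0 -> /0).
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{prefix}"),
            "gateway": None if f[1] == "*" else f[1],
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes

def lookup(routes, addr):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def tunnelled_networks(routes, iface="tun0"):
    """Every destination that enters the tunnel; a /0 here means full tunnel."""
    return [str(r["net"]) for r in routes if r["iface"] == iface]

if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 10.80.11.230 is the work IP assumed in the thread.
    for addr in ("10.80.11.230", "10.7.77.5", "128.187.34.126", "192.0.2.10"):
        r = lookup(table, addr)
        print(f"{addr:15} -> {r['iface']} via {r['gateway'] or 'on-link'}")
    print("through tunnel:", tunnelled_networks(table))
```

With this table only 10.80.0.0/16 is sent into tun0, while the default route and the host route to 128.187.34.126 stay on eth0.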
