Hello, all.

I've upgraded to VC2.2 so I could use the VPN features to their fullest. But
my tunnel, after it's successfully established, doesn't transfer any data.
I can see it's connected on both ends (Vyatta and a Linksys), by means of:
"IPSec Process Running  PID: 4855 1 Active IPsec Tunnels" and
"000 #2: "peer-1.2.3.4-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 6731s; newest IPSEC; eroute owner"
on the Vyatta side, and
"[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected"
on my router.

Pinging from Vyatta the router's internal IP gets me destination
unreachable. So I don't get traffic flow.

As Vyatta uses Openswan, I went to
"http://wiki.openswan.org/index.php/Openswan/DebuggingTCPDump" and saw that I
have a situation D problem. It says that's because of misconfiguration (I
don't think so, as the tunnel is OK by the debug output) or firewall.

I thought that it could be a firewall issue, so I asked my ISP to make my
machine wide open to the internet so I could avoid that kind of problem, and
so it is. And still no good.

It also says to capture packets from my ipsec0 iface, but I couldn't find
any. Capturing data that was transiting in my active ipsec interface eth0
while I was pinging the 'right' router internal IP, I saw ARP requests that
weren't being fulfilled: "19:12:30.275395 arp who-has 192.168.0.101 tell
5.6.7.8" (5.6.7.8 being the eth0 public IP)

Issuing a netstat -nr told me that the iface to 192.168.0.0/24 is eth0
(I thought that should be ipsec0?):

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
5.6.7.8         0.0.0.0         255.255.255.240 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1

And an ifconfig didn't get me any ipsec iface, only eth0, eth1 and lo.

So, my question is: did anyone get VPN working in Vyatta 2.2? Does it show
an ipsec iface on Linux (outside xorpsh)? If not, how can I proceed with my
debugging, where should I look?

Thanks in advance. Any pointer is very welcome.

Leo
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
