NetBSD-Users archive


IPSEC and racoon setup



I am trying to set up a VPN using IPSEC and racoon.  Here is the basic
network configuration.

VPN client <-- tunnel --> VPN gateway <-- LAN --> Server
172.20.128.1/16           172.20.0.245/16         172.20.0.10/16

The tunnel seems to be set up fine by racoon.  For example, I can ping
the gateway from the client, two apparently correct entries in SPD are
present in both the client and the gateway, and the server receives and
responds to pings from the client.

The problem is that the server's responses to the client's pings are
not routed back to the client.  Thus, it seems this is a network
routing problem rather than an IPSEC problem, but I'm not sure exactly
what should be done to route the packets correctly.

Should I be seeing the server's ping responses on any of the gateway's
interfaces?  (I can't.)

Must every server on the LAN have routes back through the gateway?
That seems wrong.

How can the gateway be configured to route appropriate packets back
through the tunnel and can that be automated when clients connect?

I feel like I must be missing something obvious.  Thanks for your help.

Cheers,
Brook

