OpenSwan - IPSec VPN - tunnel established but can't see a specific server there
I have to connect my server to a VPN tunnel through the Internet to see a local server that is on IP 192.168.20.100
Here are the IPSec and IKE settings from the server (not mine; I do not own the VPN server)
Settings
Here is tunnel data:
- Public IP: 213.0.XXX.YYY
- The local server I want to see: 192.168.20.100
- Network: 192.168.20.0/24
- Pre-Shared Key: XXXXXXXXXX
I've installed openswan on my CentOS 7 server (which is the client here)
Here is IPSec config from my client
```
# /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification

config setup
    nat_traversal=yes
    virtual_private=%v4:192.168.20.0/24
    protostack=netkey
    interfaces=ens160
    oe=off
    klipsdebug=all
    plutodebug="all"

conn l2tp-psk
    authby=secret
    pfs=no
    auto=add
    rekey=yes
    ikev2=insist
    ike=aes256-sha2_256
    #esp=aes256-sha2_256
    phase2alg=aes256-sha2_256
    compress=no
    type=tunnel
    left=149.56.XXX.YYY
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=213.0.XXX.YYY
    rightsourceip=192.168.20.100
    rightsubnet=192.168.20.0/24
    rightnexthop=%defaultroute
    rightprotoport=17/1701
```

My ipsec.secret:

```
# /etc/ipsec.secrets
%any 213.0.XXX.YYY : PSK "XXXXXXXXXXXXXXXXX"
```
When I execute "ipsec auto --up l2tp-psk" the tunnel is established correctly:
```
002 "l2tp-psk": terminating SAs using this connection
002 "l2tp-psk" #506: deleting state #506 (STATE_PARENT_I3)
005 "l2tp-psk" #506: ESP traffic information: in=0B out=0B
002 "l2tp-psk" #505: deleting state #505 (STATE_PARENT_I3)
002 "l2tp-psk": deleting connection
002 added connection description "l2tp-psk"
002 "l2tp-psk" #507: initiating v2 parent SA
133 "l2tp-psk" #507: STATE_PARENT_I1: initiate
133 "l2tp-psk" #507: STATE_PARENT_I1: sent v2I1, expected v2R1
133 "l2tp-psk" #507: STATE_PARENT_I1: sent v2I1, expected v2R1
134 "l2tp-psk" #508: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_256 integ=sha256_128 prf=OAKLEY_SHA2_256 group=MODP1536}
002 "l2tp-psk" #508: IKEv2 mode peer ID is ID_IPV4_ADDR: '213.0.XXX.YYY'
002 "l2tp-psk" #508: negotiated tunnel [149.56.XXX.YYY,149.56.XXX.YYY:1701-1701 17] -> [192.168.20.0,192.168.20.255:1701-1701 17]
004 "l2tp-psk" #508: STATE_PARENT_I3: PARENT SA established tunnel mode {ESP=>0x6856ad5c <0x15452663 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=passive}
```
But when I ping 192.168.20.100 there is no response (ping on that server is allowed).
I don't own the VPN server network or local server on 192.168.20.100 but I can ask questions to the owners.
What should I try? I'm supposed to be able to see an Oracle service running on 192.168.20.100:1521
Thanks in advance.
linux centos vpn ipsec openswan
edited Nov 30 '16 at 18:33
asked Nov 30 '16 at 18:13
user3781074
1 Answer
You should check the routing table. Do an `ip route list` and see exactly what routes are shown there. Be sure that a route from your computer to rightsubnet exists and that it's through the IPsec tunnel.
answered Feb 16 '17 at 12:35
Bogdan Stoica
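
An added example, not part of the original question or answer: besides the routing check, the `negotiated tunnel` line in the question's log lists the traffic selectors the SA covers, here UDP (protocol 17) port 1701 only. The sketch below parses such a line and tests whether a ping or a TCP/1521 connection would match it. The address 198.51.100.10, the `WIDE_LOG` contrast line and all function names are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the shape of the question's "negotiated tunnel" line;
# the masked local address is replaced by a documentation address.
SAMPLE_LOG = ('002 "l2tp-psk" #508: negotiated tunnel '
              '[198.51.100.10,198.51.100.10:1701-1701 17] -> '
              '[192.168.20.0,192.168.20.255:1701-1701 17]')
# Constructed contrast: same shape, but any protocol (0) and all ports.
WIDE_LOG = ('002 "l2tp-psk" #508: negotiated tunnel '
            '[198.51.100.10,198.51.100.10:0-65535 0] -> '
            '[192.168.20.0,192.168.20.255:0-65535 0]')

SELECTOR_RE = re.compile(
    r"\[(?P<lo>[\d.]+),(?P<hi>[\d.]+):(?P<plo>\d+)-(?P<phi>\d+) (?P<proto>\d+)\]")


@dataclass(frozen=True)
class Selector:
    lo: ipaddress.IPv4Address
    hi: ipaddress.IPv4Address
    port_lo: int
    port_hi: int
    proto: int  # IP protocol number; 0 means "any"

    def covers(self, addr, proto, port):
        if not self.lo <= ipaddress.IPv4Address(addr) <= self.hi:
            return False
        if self.proto not in (0, proto):
            return False
        # Port ranges only constrain TCP (6) and UDP (17) packets.
        return proto not in (6, 17) or self.port_lo <= port <= self.port_hi


def parse_selectors(line):
    """Return (local, remote) traffic selectors from a 'negotiated tunnel' line."""
    found = [Selector(ipaddress.IPv4Address(m["lo"]), ipaddress.IPv4Address(m["hi"]),
                      int(m["plo"]), int(m["phi"]), int(m["proto"]))
             for m in SELECTOR_RE.finditer(line)]
    if len(found) != 2:
        raise ValueError("not a 'negotiated tunnel' line")
    return found[0], found[1]


def enters_tunnel(line, src, dst, proto, sport=0, dport=0):
    """True if an outbound packet matches both negotiated selectors."""
    local, remote = parse_selectors(line)
    return local.covers(src, proto, sport) and remote.covers(dst, proto, dport)


if __name__ == "__main__":
    for name, proto, sport, dport in [("ping", 1, 0, 0), ("oracle", 6, 40000, 1521),
                                      ("l2tp", 17, 1701, 1701)]:
        print(name, enters_tunnel(SAMPLE_LOG, "198.51.100.10", "192.168.20.100",
                                  proto, sport, dport))
```

On the live host, `ip xfrm policy` shows the selectors as they are installed in the kernel.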