My home PC acts as router/NAT box for my LAN, which is 172.17.0.0/16. I
have an IPsec VPN configured to work where the LAN is 172.16.59.0/24. My
PC has two NICs - eth0 is 172.17.0.3 and eth1 is my static IP with the ISP.
I can communicate in every way from work to home over ipsec. I can
communicate from any box on the home lan to work, except for the gateway
computer itself (my main computer at home). I could see with tcpdump
that the packets were going out eth1 so I did ip route add
172.16.59.0/24 via 172.17.0.3. Now when I ping work from the gw I see
the packets go and come back (and see them on my work computer, e.g.
13:48:22.607511 172.17.0.3 > gwythaint.wencor.com: icmp: echo request (DF)
13:48:22.607559 gwythaint.wencor.com > 172.17.0.3: icmp: echo reply),
but ping never gets them. Nor does any other networking seem to work -
somewhere between racoon picking up the reply and the application the
packet is getting lost. I'm not sure what the problem is or how to fix it.
Interesting configuration information follows.
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:60:97:e4:83:27 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/24 brd 172.17.0.255 scope global eth0
inet6 fe80::260:97ff:fee4:8327/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:c1:fc:45 brd ff:ff:ff:ff:ff:ff
inet 166.70.37.150/30 brd 166.70.37.151 scope global eth1
inet6 fe80::250:baff:fec1:fc45/64 scope link
valid_lft forever preferred_lft forever
166.70.37.148/30 dev eth1 proto kernel scope link src 166.70.37.150
172.16.59.0/24 via 172.17.0.3 dev eth0
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.3
default via 166.70.37.149 dev eth1
spdadd 172.17.0.0/16 172.16.59.0/24 any -P out ipsec
esp/tunnel/166.70.37.150-12.30.196.35/require;
spdadd 172.16.59.0/24 172.17.0.0/16 any -P in ipsec
esp/tunnel/12.30.196.35-166.70.37.150/require;
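An added example, not from the post above or any reply to it: a small Python tool that parses the setkey SPD entries and the "ip route" output quoted in the post and reports, for a given destination, which interface and source address the gateway itself would use and whether an SPD entry requires ESP for that flow. This is how one checks whether locally generated traffic on a gateway falls under the tunnel policy or leaks out in cleartext on the default route. It assumes that, when a route carries no explicit src, the kernel picks the address of the connected route on the egress device (a simplification of Linux source selection), and it only parses the simple spdadd and route forms shown; the destination 172.16.59.10 and the public address 198.51.100.1 are constructed sample values.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the post: the gateway's setkey SPD and "ip route" output.
SPD_TEXT = """
spdadd 172.17.0.0/16 172.16.59.0/24 any -P out ipsec
esp/tunnel/166.70.37.150-12.30.196.35/require;
spdadd 172.16.59.0/24 172.17.0.0/16 any -P in ipsec
esp/tunnel/12.30.196.35-166.70.37.150/require;
"""
ROUTES_TEXT = """
166.70.37.148/30 dev eth1 proto kernel scope link src 166.70.37.150
172.16.59.0/24 via 172.17.0.3 dev eth0
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.3
default via 166.70.37.149 dev eth1
"""

@dataclass
class Policy:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    direction: str             # in / out / fwd
    action: str                # ipsec / discard / none
    proto: Optional[str]       # esp / ah
    mode: Optional[str]        # tunnel / transport
    tunnel_src: Optional[str]
    tunnel_dst: Optional[str]
    level: Optional[str]       # require / use / default

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: Optional[str] = None
    via: Optional[str] = None
    src: Optional[str] = None

SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out|fwd)\s+(ipsec|discard|none)(?:\s+(\S+))?"
)

def parse_spd(text: str) -> List[Policy]:
    """Parse the 'spdadd src dst upper -P dir action proto/mode/src-dst/level;' form used above."""
    policies = []
    for stmt in text.replace("\n", " ").split(";"):
        m = SPD_RE.search(stmt)
        if not m:
            continue
        src, dst, direction, action, rule = m.groups()
        proto = mode = tsrc = tdst = level = None
        if rule:                                  # absent for discard/none policies
            proto, mode, endpoints, level = rule.split("/")
            if endpoints:                         # empty for transport mode
                tsrc, tdst = endpoints.split("-")
        policies.append(Policy(ipaddress.ip_network(src, strict=False),
                               ipaddress.ip_network(dst, strict=False),
                               direction, action, proto, mode, tsrc, tdst, level))
    return policies

def parse_routes(text: str) -> List[Route]:
    """Parse 'ip route' lines: a prefix (or 'default') followed by key/value pairs."""
    routes = []
    for line in text.strip().splitlines():
        toks = line.split()
        prefix = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        kv = dict(zip(toks[1::2], toks[2::2]))   # dev/via/proto/scope/src pairs
        routes.append(Route(ipaddress.ip_network(prefix, strict=False),
                            dev=kv.get("dev"), via=kv.get("via"), src=kv.get("src")))
    return routes

def lookup_route(routes: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match, as the kernel does."""
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None

def outbound_source(routes: List[Route], dst: ipaddress.IPv4Address):
    """Return (source address, route) the gateway would use for locally generated traffic."""
    route = lookup_route(routes, dst)
    if route is None:
        return None, None
    if route.src:
        return route.src, route
    # Assumption: with no explicit src, use the address of the connected route
    # on the egress device (approximates the kernel's choice for this table).
    for r in routes:
        if r.dev == route.dev and r.src:
            return r.src, route
    return None, route

def match_policy(policies: List[Policy], src, dst, direction: str) -> Optional[Policy]:
    """First SPD entry whose selectors and direction cover the flow, else None."""
    for p in policies:
        if p.direction == direction and src in p.src and dst in p.dst:
            return p
    return None

def check_outbound(policies: List[Policy], routes: List[Route], dst: str) -> dict:
    """Egress device, chosen source and whether an SPD entry requires ESP for the flow."""
    dst_ip = ipaddress.ip_address(dst)
    src, route = outbound_source(routes, dst_ip)
    policy = match_policy(policies, ipaddress.ip_address(src), dst_ip, "out") if src else None
    protected = policy is not None and policy.action == "ipsec" and policy.level == "require"
    return {"src": src, "dev": route.dev if route else None,
            "policy": policy, "protected": protected}

if __name__ == "__main__":
    policies = parse_spd(SPD_TEXT)
    routes = parse_routes(ROUTES_TEXT)
    for dst in ("172.16.59.10", "198.51.100.1"):
        r = check_outbound(policies, routes, dst)
        print(dst, "->", r["dev"], "src", r["src"],
              "ESP required" if r["protected"] else "CLEARTEXT")
```

Run against the post's table, a remote-LAN destination is routed out eth0 with source 172.17.0.3 and falls under the out policy; drop the manually added 172.16.59.0/24 route and the same destination takes the default route out eth1 with source 166.70.37.150, which no SPD entry covers, matching what the post saw in tcpdump before that route was added. The tool says nothing about why decrypted replies are not reaching the application; it only answers the policy-coverage question.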