Shrew windows tunnel works, linux tunnel fails
-
I am using pfSense 2.0RC1, and I have created an IPsec mobile client VPN using the tutorial.
On a Windows notebook the IPsec tunnel is fully working using the Shrew Soft client, but on my Linux (Mint 11) notebook the tunnel comes up, but I can't get any traffic through it. For example, a simple ping to the pfSense LAN IP fails.
I already disabled spoof protection.
I suppose the problem is in the automatic creation of a route on the Linux notebook, but I can't figure out what the exact problem is.
Does anyone have some tips I can try?
-
When the tunnel is up, try:

```
route
```
-
Route command if VPN active:

```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.78.0    *               255.255.255.0   U     0      0        0 tap0
192.168.3.0     *               255.255.255.0   U     1      0        0 eth0
192.168.3.0     *               255.255.255.0   U     2      0        0 wlan0
192.168.0.0     192.168.78.1    255.255.254.0   UG    0      0        0 tap0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         192.168.3.1     0.0.0.0         UG    0      0        0 eth0
```

192.168.78.x is my IPsec mobile client range configured in pfSense.
192.168.0.x/23 is my remote subnet.
192.168.3.x is my local network (in this instance at home).

Looks good to me??
Anyone have some tips?
-
And what rules do you have in the VPN tunnel itself?
-
Yes, you must have firewall rules in the VPN (racoon or OpenVPN) before it allows traffic to pass over the VPN.
-
Yes, you must have firewall rules in the VPN (racoon or OpenVPN) before it allows traffic to pass over the VPN.
I have configured my firewall rules correctly, since traffic can go through the tunnel on a Windows client.
-
Do you have iptables enabled on the linux system?
-
No
-
Then I don't know, sorry.
-
If you traceroute from the linux system to something behind the remote firewall, where does it hang in the path?
-
Enabled the tunnel, gave the commands route and traceroute… (this is from a different location)
```
thijs@ltthijslinux ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.28.201.0    *               255.255.255.0   U     1      0        0 eth0
192.168.78.0    *               255.255.255.0   U     0      0        0 tap0
192.168.0.0     192.168.78.1    255.255.254.0   UG    0      0        0 tap0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         172.28.201.254  0.0.0.0         UG    0      0        0 eth0
thijs@ltthijslinux ~ $ traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
```
-
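The two routing tables posted above (the home one and the one from the other location) can be checked mechanically instead of by eye. The script below is an added example, not code from the thread or from Shrew Soft or pfSense: it replays the kernel's longest-prefix route selection over the two tables exactly as posted and reports which interface and gateway a destination would leave through. The lookup logic and the extra sample destinations are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: replay the kernel's longest-prefix
# route selection over a `route` style table to confirm which interface and
# gateway a given destination would leave through. The two tables are copied
# from the posts above (home network and the "different location"); the
# lookup logic and the sample destinations are this example's own assumptions.

HOME_TABLE='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.78.0 * 255.255.255.0 U 0 0 0 tap0
192.168.3.0 * 255.255.255.0 U 1 0 0 eth0
192.168.3.0 * 255.255.255.0 U 2 0 0 wlan0
192.168.0.0 192.168.78.1 255.255.254.0 UG 0 0 0 tap0
link-local * 255.255.0.0 U 1000 0 0 eth0
default 192.168.3.1 0.0.0.0 UG 0 0 0 eth0'

AWAY_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.28.201.0 * 255.255.255.0 U 1 0 0 eth0
192.168.78.0 * 255.255.255.0 U 0 0 0 tap0
192.168.0.0 192.168.78.1 255.255.254.0 UG 0 0 0 tap0
link-local * 255.255.0.0 U 1000 0 0 eth0
default 172.28.201.254 0.0.0.0 UG 0 0 0 eth0'

# Dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Number of set bits in a dotted-quad netmask, i.e. the prefix length.
mask2len() {
    local m n
    m=$(ip2int "$1")
    n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) ))
        m=$(( m >> 1 ))
    done
    echo "$n"
}

# route_lookup DEST TABLE
# TABLE is the text output of `route` (or `route -n`): Destination Gateway
# Genmask Flags Metric Ref Use Iface per line, with '*' meaning no gateway.
# Prints "IFACE GATEWAY" for the most specific matching route (lower metric
# wins on ties, as the kernel does), or "none" if nothing matches.
route_lookup() {
    local dest table d n m len best best_len best_metric
    local dst gw mask flags metric ref use iface
    dest=$1
    table=$2
    d=$(ip2int "$dest")
    best=none
    best_len=-1
    best_metric=0
    while read -r dst gw mask flags metric ref use iface; do
        case "$dst" in
            Destination|Kernel|"") continue ;;   # header lines / blank line
            default) dst=0.0.0.0 ;;              # `route` prints 0.0.0.0 as "default"
            link-local) dst=169.254.0.0 ;;       # and 169.254.0.0 as "link-local"
        esac
        n=$(ip2int "$dst")
        m=$(ip2int "$mask")
        len=$(mask2len "$mask")
        [ $(( d & m )) -eq $(( n & m )) ] || continue
        if [ "$len" -gt "$best_len" ] ||
           { [ "$len" -eq "$best_len" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_len=$len
            best_metric=$metric
            if [ "$gw" = "*" ]; then gw=0.0.0.0; fi
            best="$iface $gw"
        fi
    done <<EOF
$table
EOF
    echo "$best"
}

for dest in 192.168.0.1 192.168.1.200 192.168.3.7 8.8.8.8; do
    echo "home: $dest -> $(route_lookup "$dest" "$HOME_TABLE")"
done
for dest in 192.168.0.1 172.28.201.5; do
    echo "away: $dest -> $(route_lookup "$dest" "$AWAY_TABLE")"
done
```

Both tables send 192.168.0.1 to tap0 via 192.168.78.1, so the kernel route itself is not what is dropping the ping. The checks a practitioner would want next on the Linux side are whether the IPsec policy and SA installed by the Shrew Soft daemon actually cover 192.168.0.0/23 (`ip xfrm policy` and `ip xfrm state`), and whether packets leave the virtual adapter at all (`tcpdump -ni tap0`); on pfSense, `tcpdump -ni enc0` shows whether anything arrives decrypted, and the mobile clients' Phase 2 local network must cover 192.168.0.0/23.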
Not sure… I tested my Shrew in Linux and it worked, though mine is not using a tunnel interface. I use the existing adapter and I have a policy for the remote network.