Shrew windows tunnel works, linux tunnel fails



  • I am using pfSense 2.0RC1, and I have created an IPsec mobile client VPN using the tutorial.

    On a Windows notebook the IPsec tunnel is fully working using the Shrew Soft client, but on my Linux (Mint 11) notebook the tunnel comes up, but I can't get any traffic through it. For example, a simple ping to the pfSense LAN IP fails.

    I already disabled spoof protection.

    I suppose the problem is in the automatic creation of a route on the Linux notebook, but I can't figure out what the exact problem is.
    Does anyone have some tips I can try?



  • When the tunnel is up, try
    ```
    route
    ```



  • Route command if VPN active:

    ```
    Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
    192.168.78.0    *                    255.255.255.0  U    0      0        0 tap0
    192.168.3.0    *                    255.255.255.0  U    1      0        0 eth0
    192.168.3.0    *                    255.255.255.0  U    2      0        0 wlan0
    192.168.0.0    192.168.78.1    255.255.254.0  UG    0      0        0 tap0
    link-local      *                          255.255.0.0    U    1000  0        0 eth0
    default        192.168.3.1          0.0.0.0        UG    0      0        0 eth0
    ```

    192.168.78.x is my IPsec mobile client range configured in pfSense.
    192.168.0.x/23 is my remote subnet.
    192.168.3.x is my local network (in this instance at home).

    Looks good to me??
    Anyone have some tips?



  • And what rules do you have in the VPN tunnel itself?



  • @Metu69salemi:

    And what rules do you have in the VPN tunnel itself?

    On my pfSense box, you mean?



  • Yes, you must have firewall rules in the VPN (racoon or openVPN) before it allows traffic to pass over the VPN.



  • @podilarius:

    Yes, you must have firewall rules in the VPN (racoon or openVPN) before it allows traffic to pass over the VPN.

    I have configured my firewall rules correctly, since traffic can go through the tunnel on a Windows client.



  • Do you have iptables enabled on the Linux system?



  • No



  • Then I don't know, sorry.



  • If you traceroute from the Linux system to something behind the remote firewall, where does it hang in the path?



  • Enabled the tunnel, ran the route and traceroute commands… (this is from a different location)

    ```
    thijs@ltthijslinux ~ $ route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.28.201.0    *               255.255.255.0   U     1      0        0 eth0
    192.168.78.0    *               255.255.255.0   U     0      0        0 tap0
    192.168.0.0     192.168.78.1    255.255.254.0   UG    0      0        0 tap0
    link-local      *               255.255.0.0     U     1000   0        0 eth0
    default         172.28.201.254  0.0.0.0         UG    0      0        0 eth0
    thijs@ltthijslinux ~ $ traceroute 192.168.0.1
    traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
     1  * * *
     2  * * *
     3  * * *
     4  * * *
     5  * * *
    ```
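Both `route` listings in this thread are read the same way: the kernel picks the most specific matching entry, so what matters for the ping is which interface and gateway 192.168.0.1 resolves to. The following is an added example, not code from the thread, from Shrew Soft or from pfSense: it parses a net-tools `route` listing (the second one posted, embedded here as constructed sample input), performs the longest-prefix match the kernel does, and reports whether a host would leave via tap0. The `tap0` interface name and the `via_tunnel` helper are assumptions taken from the posted output.

```python
import ipaddress

# Constructed sample: the second `route` listing from the thread, verbatim.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.28.201.0    *               255.255.255.0   U     1      0        0 eth0
192.168.78.0    *               255.255.255.0   U     0      0        0 tap0
192.168.0.0     192.168.78.1    255.255.254.0   UG    0      0        0 tap0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         172.28.201.254  0.0.0.0         UG    0      0        0 eth0
"""

# Symbolic destinations exactly as net-tools `route` prints them.
SYMBOLIC = {"default": "0.0.0.0", "link-local": "169.254.0.0"}

def parse_routes(text):
    """Parse net-tools `route` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] == "Destination":
            continue  # skip the banner and the column header
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts
        dest = SYMBOLIC.get(dest, dest)
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"network": network, "metric": int(metric), "iface": iface,
                       "gateway": None if gw == "*" else ipaddress.ip_address(gw)})
    return routes

def lookup(routes, target):
    """Kernel-style selection: longest prefix wins, then the lowest metric."""
    ip = ipaddress.ip_address(target)
    candidates = [r for r in routes if ip in r["network"]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))
    return best["iface"], best["gateway"]

def via_tunnel(routes, target, tunnel_iface="tap0"):
    """True when packets to `target` would leave through the VPN interface."""
    hit = lookup(routes, target)
    return hit is not None and hit[0] == tunnel_iface

if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for host in ("192.168.0.1", "192.168.1.20", "172.28.201.1", "8.8.8.8"):
        print(host, lookup(table, host), via_tunnel(table, host))
```

For both posted tables this confirms that 192.168.0.1 is sent to tap0 via 192.168.78.1, so the routing entry itself is not what is wrong; when the client is run in the "use existing adapter" mode mentioned in the last reply, the IPsec policy rather than this table decides which packets are protected, and the routing table alone cannot explain the failure.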


  • Not sure … I tested my Shrew in Linux and it worked, though mine is not using a tunnel interface. I use the existing adapter and I have a policy for the remote network.

