Cisco IPSec client does not ping (racoon, vpnc). Routing problem?
The server is racoon (Debian).
The client is vpnc (Debian).
The connection is established, but the vpnc client is not pingable from the server or from other network clients.
At the same time, OS X and iOS clients can be pinged without problems.
racoon config:
cat /etc/racoon/racoon.conf

log notify;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

listen {
    isakmp 188.226.183.10 [500];
    isakmp_natt 188.226.183.10 [4500];
}

remote anonymous {
    exchange_mode aggressive, main, base;
    mode_cfg on;
    proposal_check obey;
    nat_traversal on;
    generate_policy unique;
    ike_frag on;
    passive on;
    dpd_delay 30;
    proposal {
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm aes, 3des, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

mode_cfg {
    auth_source system;
    dns4 8.8.8.8;
    banner "/etc/racoon/motd";
    save_passwd on;
    network4 10.12.0.10;
    netmask4 255.255.255.0;
    pool_size 100;
    pfs_group 2;
}

IPSec gateway mydomain.com
IPSec ID mygroup
IPSec secret mygroupsecret
IKE Authmode psk
Xauth username username
Xauth password password
NAT Traversal Mode natt

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 tun0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
10.12.0.0       *               255.255.255.0   U     0      0        0 tun0
mydomain.com    10.0.1.1        255.255.255.255 UGH   0      0        0 eth0

eth0 10.0.1.100
tun0 10.12.0.10

IP 188.226.183.10 > 10.12.0.10: ICMP echo request, id 12062, seq 1, length 64
IP 188.226.183.10 > 10.12.0.10: ICMP echo request, id 12062, seq 2, length 64
IP 10.12.0.10 > 188.226.183.10: ICMP echo reply, id 12062, seq 94, length 64
IP 10.12.0.10 > 188.226.183.10: ICMP echo reply, id 12062, seq 95, length 64
Do you have iptables disabled for sure (or have the necessary rules for disabling masquerading been added to it)? Because, judging by the routing, everything is ok with it.
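
The check this answer asks about, as an added example that is not part of the original thread: a Python sketch that walks the nat-table POSTROUTING rules in `iptables-save` output and reports whether traffic to the posted pool 10.12.0.0/24 hits a MASQUERADE/SNAT rule before any exemption. The rule sets are constructed samples, and only `-d` matches are evaluated (every other match is assumed to apply).

```python
import ipaddress

VPN_POOL = ipaddress.ip_network("10.12.0.0/24")  # network4/netmask4 from the posted mode_cfg
NAT_TARGETS = {"MASQUERADE", "SNAT"}

# Constructed iptables-save samples (assumptions, not taken from the thread).
PLAIN_MASQ = "*nat\n-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n"
WITH_EXEMPT = ("*nat\n-A POSTROUTING -d 10.12.0.0/24 -j ACCEPT\n"
               "-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n")
NEGATED = "*nat\n-A POSTROUTING ! -d 10.12.0.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n"

def parse_rule(line):
    """Extract (destination network or None, negated?, jump target) from a rule."""
    tok = line.split()
    dst, negated, target = None, False, None
    for i, t in enumerate(tok[:-1]):
        if t == "-d":
            dst = ipaddress.ip_network(tok[i + 1], strict=False)
            negated = tok[i - 1] == "!"
        elif t == "-j":
            target = tok[i + 1]
    return dst, negated, target

def may_match_pool(dst, negated):
    """Heuristic: only -d is evaluated; every other match is assumed to apply."""
    if dst is None:
        return True
    if negated:
        return not VPN_POOL.subnet_of(dst)
    return VPN_POOL.overlaps(dst)

def pool_verdict(ruleset):
    """Return (verdict, rule) for packets destined to the VPN pool."""
    table = None
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        dst, negated, target = parse_rule(line)
        if not may_match_pool(dst, negated):
            continue
        if target in NAT_TARGETS:
            return "nat", line
        if target in ("ACCEPT", "RETURN"):
            return "exempt", line
    return "no-nat", None

if __name__ == "__main__":
    for name, rules in [("plain", PLAIN_MASQ), ("exempt", WITH_EXEMPT), ("negated", NEGATED)]:
        print(name, pool_verdict(rules))
```

A "nat" verdict means the first POSTROUTING rule that can match tunnel-bound packets rewrites their source address; "exempt" and "no-nat" mean the pool is excluded or never reaches a NAT rule.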