Koozali.org: home of the SME Server

Freeswan - One way connection !

Gaetan

Freeswan - One way connection !
« on: June 27, 2002, 12:59:38 AM »
Hi,

I have E-Smith 5.1.2 installed in two sites; each site has an ADSL connection with STATIC IP addresses.

I have followed carefully (I think so !) the Freeswan howto + various topics in the forum.

Here are the details of the configuration:

Head Office:
E-Smith IP addresses:
    Internal: 192.168.1.2
    External: 217.158.137.51
Router IP: 217.158.137.50

IPSEC Settings: Server

Remote Office:
E-Smith IP addresses:
    Internal: 192.168.3.2
    External: 217.158.146.98
Router IP: 217.158.146.99

IPSEC Settings: Client


Once the Local Network is set up on each site, I then go back to IPSEC setting, update and save so the firewall rules are properly re-loaded.

Then, problem:
From the Remote office E-Smith box, I can ping all the network in the Head Office. The communication seems to work.

BUT when I try to ping the Remote office E-Smith box from the head office, I get nothing. It seems that the VPN connection only works ONE way (Remote to Head office).

If I try to ping from a client computer (from the remote office) another machine in the head office, then I cannot ping ! Only the E-Smith box seems to be able to communicate !

Can someone help ?

Thanks

Steve Bush

Re: Freeswan - One way connection !
« Reply #1 on: June 27, 2002, 03:08:27 AM »
I know you probably did these, but I still mess them up and I've done it a dozen times.

***Make sure you copied the correct _updown file on both servers.  It should match the version of freeswan that is installed on your SME box.

Also make sure you put the correct IP addresses in the correct fields.  The one that I mess up is the remote router's internal IP address.  I end up putting in the address of the subnet instead of the server's internal IP.

You will also need two local network records added to each server.  One for the remote network's internal IP address range and the other for the single IP address of the remote external interface with a subnet of 255.255.255.255.

If it still doesn't work, you will need to dive into the log file to try troubleshooting the problem.

steve

Re: Freeswan - One way connection !
« Reply #2 on: June 27, 2002, 04:42:44 AM »
It sounds like the Remote office is not configured with the SME server as the default gateway.
If this is the case, the Remote office will not know the route to get to the Head office.
Manually make an entry to the routing tables on a computer that is on the Remote office network. The entry should point to the SME server as the gateway to your Head office network.
I.e.
Network 192.168.1.0 Gateway 192.168.3.2

HTH
cheers
steve
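
The routing situation Reply #2 describes, modelled as an added example that is not part of any post in this thread: a longest-prefix-match lookup shows where a remote-office client sends traffic for the head office before and after the suggested static route. The /24 masks and the `OTHER_GW` address are assumptions; the other addresses come from the thread.

```python
import ipaddress

# Addresses from the thread; the /24 masks and OTHER_GW are assumptions.
SME_SERVER = ipaddress.ip_address("192.168.3.2")          # remote-office SME server
REMOTE_LAN = ipaddress.ip_network("192.168.3.0/24")       # assumed /24
HEAD_OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed /24
OTHER_GW = ipaddress.ip_address("192.168.3.1")            # constructed: some other LAN router
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ON_LINK = "on-link"  # destination is on the local segment, no gateway used


def next_hop(routes, dest):
    """Longest-prefix match over (network, gateway) pairs, as an IP stack does."""
    dest = ipaddress.ip_address(dest)
    candidates = [(net, gw) for net, gw in routes if dest in net]
    if not candidates:
        raise LookupError(f"no route to {dest}")
    return max(candidates, key=lambda route: route[0].prefixlen)[1]


def enters_tunnel(routes, dest):
    """True if traffic for dest is handed to the SME server, which owns the IPsec tunnel."""
    return next_hop(routes, dest) == SME_SERVER


# Client as Reply #2 suspects: default gateway is not the SME server.
client_before = [(REMOTE_LAN, ON_LINK), (DEFAULT, OTHER_GW)]
# Same client after adding the static route "Network 192.168.1.0 Gateway 192.168.3.2".
client_after = client_before + [(HEAD_OFFICE_LAN, SME_SERVER)]
# Alternative fix: make the SME server the client's default gateway.
client_default_sme = [(REMOTE_LAN, ON_LINK), (DEFAULT, SME_SERVER)]

if __name__ == "__main__":
    target = "192.168.1.2"  # head-office SME server, internal address
    for name, table in [("before", client_before),
                        ("static route", client_after),
                        ("SME as default gw", client_default_sme)]:
        print(f"{name:18} next hop={next_hop(table, target)} "
              f"tunnel={enters_tunnel(table, target)}")
```
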

Gaetan

Re: Freeswan - One way connection !
« Reply #3 on: June 27, 2002, 08:22:45 PM »
Hi,

Thanks for your messages.
I decided to re-install E-Smith on the remote server, applied the blade for V5.1.2, and the VPN rpm.
What I have also done is to update Samba to version 2.2.3a-1es on both servers.
The VPN connection then worked straight away.

Regards.

Steve Bush

Re: Freeswan - One way connection !
« Reply #4 on: June 27, 2002, 08:56:01 PM »
I'm glad it worked this time.  I have moved only one server to Samba 2.2.3a-1es, the others are stock 2.0.10-2(SME5)/2.2.2-6(SME5.1.2) versions.
I'm looking forward to testing upload of printer drivers in Samba 2.2.5 (when it is built for SME).  I've had problems with WinXP uploading drivers to Samba 2.2.2/2.2.3a.

Peter

Re: Freeswan - One way connection !
« Reply #5 on: August 17, 2002, 02:28:56 PM »
I've had the same trouble. Later it turned out that I actually forgot to copy the right _updown!!

Some little mistakes can consume a lot of time if you don't watch out.