Topic: Help : Freeswan contrib on 5.1.2

[Kelvin]

Hi all,

I need some help with configuring (one last step) and troubleshooting an IPSec VPN setup using Darrell's freeswan contrib.

The layout is as follows (all IPs have been changed / simplified) :-

Office 1 (Set as Server)
======
LAN Workstations : 192.168.100.100 - 192.168.100.200 (DHCP assigned)
SME 5.1.2 Internal IP : 192.168.100.10
SME 5.1.2 External IP : 61.111.222.333
SME External G/W : 61.111.222.332
|
ADSL Modem
|
Internet
|
ADSL Modem
SME External G/W : 203.444.555.665
SME 5.1.2 External IP : 203.444.555.666
SME 5.1.2 Internal IP : 192.168.200.20
LAN Workstations : 192.168.200.100 - 192.168.200.200 (DHCP assigned)
======
Office 2 (Set as Client)

I've followed the how-to and entered all the parameters into the SME servers at both offices, except for step 4, which I don't quite get.

Quote :
======
In the SME server-manager "Local Networks" panel add the remote servers Local LAN subnet information (Remote network in the VPN page) and the remote servers outside interface address (Remote router external IP address). Single IP addresses have a subnet of 255.255.255.255.
==========
End Quote

So at office 1, in server-manager's Local Networks panel, if I try and set
Network address : 192.168.200.0 (network address of Office 2)
Subnet Mask : 255.255.255.0
Router : 203.444.555.666 (External IP address of SME at office 2)

and at Office 2,
Network address : 192.168.100.0 (network address of Office 1)
Subnet Mask : 255.255.255.0
Router : 61.111.222.333 (External IP address of SME at Office 1)

I get "Router address not reachable from local network" at both offices. So I cannot complete step 4. I am obviously using the wrong addresses here. What should they be ?

However, inspite of missing out of step 4, the following is occurring :-
At Office 2, pinging workstations addresses at Office 1 (like 192.168.100.100 and 192.168.100.10) works. In fact, I can even connect to and run a W2K Terminal Session from the terminal server at Office 1 via the server's IP address (although the terminal sessions are really flaky). I cannot however map any drives (via IP addresses or names) or access any of Office 1's PC or server names.

At Office 1, I can only ping the internal IP address of the SME at office 2 (ie. 192.168.200.20) but not any of the workstations IP addresses.

Help !

TIA !

Kelvin

[Kelvin]

OK Nevermind -- worked it out.

For the benefit of others who might come down this path :-

The text of step 4 is incorrect, I believe. It should read as follows instead :-

In the SME server-manager "Local Networks" panel add the remote servers Local LAN subnet information (Remote network in the VPN page) and the local router internal IP address. Single IP addresses have a subnet of 255.255.255.255.

or if we are basically talking about SME servers only (and not a mixture of hardware routers, etc.), then simply say :-

In the SME server-manager "Local Networks" panel add the remote servers Local LAN subnet information (Remote network in the VPN page) and enter the IP address of the local SME server under Router. Single IP addresses have a subnet of 255.255.255.255.

Then you should go back into the VPN Page and click on modify next to the defined VPN. When the settings appear, make sure your setting are correct and click Save (even if you made no changes). Do this at both SME servers. I found that without saving the VPN settings again after Step 4 of the how-to, I cannot get connections to anything other than the internal IP of the remote  SME server. Once I resaved the VPN settings (without needing to make any changes), I can now ping all workstations at the each end.

It happened this way for me. Your individual milage might well vary. But just in case anyone else encountered this issue, try this and see if it helps.

Cheers,

Kelvin