Post by Lee Sharp on Jun 16, 2015 17:42:01 GMT
I will try and duplicate the problem. If I can not, I may contact you offline if that is OK.
Post by descarte on Jun 16, 2015 18:58:39 GMT
No problem
Post by Lee Sharp on Jun 17, 2015 17:42:58 GMT
Post by descarte on Jun 18, 2015 18:41:11 GMT
Sorry Lee, few long long days on client sites...
OK, had a look.
Firewall = 192.168.1.1
Server Address = 192.168.1.222
Remote IP Range = 192.168.1.32/28
Static Route = 192.168.1.222/32
Gateway = 192.168.1.1
If I connect to the firewall via VPN as 192.168.1.1 (on my internal LAN e.g. wireless) then I can now ping 192.168.1.1 where I couldn't before... Hmmm. If I connect to an external WIFI e.g. the VPN address is my external IP then I cannot ping 192.168.1.1
I tried Static route of 192.168.1.32/28 in case I'd read the instructions OK - Still no dice. As the article says - routing issues in the tunnel.
Appreciate you looking at this - I can ssh into my server at 192.168.1.10 and bring up a firefox session from there to 192.168.1.1, so all is not lost. The external wireless is on another subnet entirely. If they were on 192.168.1 then that could have been an issue.
Post by Lee Sharp on Jun 19, 2015 2:19:47 GMT
I am working on this. But I am also going on vacation on the 24th, so time is a bit tight. But I will also work on it while on vacation, so we will see.
Post by descarte on Jun 19, 2015 15:35:13 GMT
There's absolutely no urgency (as far as I'm concerned). It's a curiosity for me, as there is a workaround and actually having a working native VPN (L2TP) connection is a big bonus for me as I don't need to install any additional software from who knows where :-)
Enjoy the vacation.
Post by mikael on Sept 18, 2015 15:27:20 GMT
I seem to have the same problem as the original poster. I am trying to get connected with the Mac OS built-in L2TP/IPSec client to a smallwall router. No luck. Please tell me what information I should post and what I can do to help debug this issue.
I use MacOS 10.10 (Yosemite). I have also tried to connect my old iPhone 3GS (iOS 6) with no luck either.
I also wanted to test connecting my Ubuntu workstation and my Debian netbook, but did not find any way to do that in Network Manager. I do not have any Windows machines to try connecting with.
TIA, Mikael
Post by mikael on Sept 18, 2015 15:59:28 GMT
Perhaps I spoke too soon. I am now able to connect my Mac. I can ping machines on the LAN and connect to them with remote desktop client. Fine!
One problem remains: I am not able to connect to the smallwall web interface on the LAN address while connected with L2TP/IPSec. I can't even ping it. This was possible with PPTP VPN.
I have tried the static route trick referred to in the old m0n0wall document, but it does not make any difference.
Any ideas? TIA, Mikael
Post by Lee Sharp on Sept 18, 2015 16:41:35 GMT
To be honest, this had slipped my mind, and I had not looked into it for some time. I will have to start over and see what I can find out. Thanks for bringing it back to my attention!
Post by Lee Sharp on Sept 21, 2015 15:23:03 GMT
Post by mikael on Sept 22, 2015 8:39:49 GMT
Hi Lee,
I read the thread but I don't see how "L2TP/IPSec breaks Mobile IPSec" applies to the problem I reported.
Post by Lee Sharp on Sept 22, 2015 17:37:11 GMT
Because L2TP/IPSec and Mobile IPSec use the same program, Racoon, and Andy found issues with the way it was building routes. His patch may address routing building on both.
Post by mikael on Sept 23, 2015 8:06:48 GMT
Thank you for explaining that! I will build a test system so I can more easily try beta releases and I'll report back as soon as I can.
Post by Lee Sharp on Sept 23, 2015 15:36:44 GMT
Thanks! Testing is very helpful. When you know the code you sometimes make assumptions that no one else will.
Post by mikael on Nov 2, 2015 15:05:54 GMT
Ok, I have now installed Andy's latest t1n1wall beta (1.10.2b69) based on FreeBSD 10.2 on a test system to see if racoon behaves better. Maybe it does. I don't know, because I'm not able to even get the L2TP/IPSec client to connect. I have configured the t1n1wall with the same parameters as I configured smallwall.
Logs say:
racoon: ERROR: invalid hmac algorithm 2.
racoon: [XX.XX.XX.XX] ERROR: failed to process ph1 packet (side: 1, status: 4).
racoon: [XX.XX.XX.XX] ERROR: phase1 negotiation failed.
Where XX.XX.XX.XX is my VPN client's IP address.
Maybe I'm trying the wrong t1n1wall beta for this purpose?
TIA, Mikael