5

NETKEY IPsec and ARP

view full story
linux-howto

http://serverfault.com – I'm wondering if I have the correct routing setup for an IPsec tunnel. I have control over the IPsec endpoints and the hosts connected to one side. These hosts are connecting to the tunnel so that they have access to the network on the other side of what I will call the IPsec server. I don't have control of the network upstream of this server. Normally, the IPsec server will not respond to ARP requests for the hosts on the other side of the tunnel. So when a packet arrives for one of my hosts the server gets ARP requests, but the upstream router gets no response, and cannot construct the ethe (HowTos)

u85500's picture
Submitted by u85500 on 03/23/2012 – Made popular on 03/23/2012

Stories similar to NETKEY IPsec and ARP

OpenSwan issues 3 years 43 weeks ago

I'm trying to perform a VPN lan to lan IPSEC connection. By my side, I have a server with 2 IP's, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.

My configuration is:

OS: Fedora release 7 (Moonshine)

I recieved a list of commands that were run on the right side of the VPN tunnel which is where the Cisco ASA resides. On my side, I have a linux based firewall running debian with openswan installed.

I’ve run into a of a routing issue pertaining to packets leaving a firewall, traversing and IPSec tunnel, hitting the target and then returning via a different tunnel, finally arriving back on the source firewall but on a different interface from where it started. Once the packet has returned to the firewall it is dropped… I’ve been unable to discover the reason for the drop.

Routing for a VPN Gateway Setup 2 years 21 weeks ago

Hello,

I've been trying to setup an IPSec connection between two routers, but am having trouble with the actual packet routing.

My setup currently is two local networks (192.168.1.0/24[netLANA] and 192.168.0.0/24[netLANB]) that are connected to their own routers (192.168.1.1 and 192.168.0.1 respectively). The routers are both connected to the 194.26.1.0/24[netWAN] network.

I am trying to set up an ipsec tunnel between our ASA 5505 and a Juniper ssg5. The tunnel is up and running, but I cannot get any data through it.

The local network I am on is 172.16.1.0 and the remote is 192.168.70.0. But I cannot ping anything on their netowork. I receive a "Phase 2 OK" when I set up the ipsec.

I think this is the part of the config that is applicable.

I use dd-wrt as my home router setup and that's been working fine. Now I wanted to figure out a way to be able to use my iPad to set up a IPSec tunnel to my home network while I'm on the road.

PPTP is pretty much insecure at this point so I want to use something IPSec based. Based on what I can find, dd-wrt does not support IPSec.

I have done the setup of a ipsec/l2tpd vpn server followin this tutorial http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu.

I'm able to connect to the server, and redirect all traffic through the vpn from a mac os machine.

I'm completely lost as to how to why this doesn't work. I can't ping, much less reach resources on the other side.

I have the following situation:

Client subnet(192.168.0.0 /24)---->Router---->Internet---->ASA(172.17.0.2 /24)---->(172.17.0.1 /24)Gateway---->(10.0.0.0 /8)Many subnets

I need to logically connect the client subnet to the "many subnets". On the left side I have a Cisco 2901 and on the other an ASA. I built an IPsec connection between the router and the ASA. The IPsec connection itself works bu