On 8/7/2010 10:49 AM, David Woodhouse wrote:
>
> It looks like the routes are all set up according to your VPN server's
> configuration. You aren't routing *everything* to the VPN; only three
> "Class B" subnets -- 10.85.0.0/16, 10.92.0.0/16 and 172.27.0.0/16. You
> seem to have DNS set up properly to point to the VPN too.
>
> What makes you say it isn't working? What have you tried?
>
> If you run 'tcpdump -i tun0 -l -n -s 1500' do you see traffic on the
> VPN? From your log it looks like you're sending packets but never
> getting anything back.
>
> From another machine on the internal network, can you ping your VPN IP
> address? Do you see incoming packets then?
>

Correct. We are only routing a few subnets. I tried to ping and telnet to a server on the 10.85.0.x network. I'll have to get some info from our network engineer so I can access the actual ASA box?

tcpdump is below. If I'm reading it correctly, it shows no return traffic.

I can ping my VPN IP from a PC on the 10.92.0.0 segment.

C:\Users\mkitchin>ping 10.70.6.102
Pinging 10.70.6.102 with 32 bytes of data:
Reply from 10.70.6.102: bytes=32 time=41ms TTL=63

AND

Never mind..... I can ping something on the 10.92.X.X segment. That works! I just can't ping anything on the 10.85.0.X segment. That could very well be something on our end. I am up and running though!

I will start putting it through some stress tests to see if I can get better results than the workaround we had to do with VPNC. If I can, I will then beg for help with the OpenWRT part. If I could get a tar of the directory (definitely including the makefile!) that was used to compile the existing version in OpenWRT, I'm pretty sure I could work with that to make a newer package.

[root at VM-MKLinux ~]# tcpdump -i tun0 -l -n -s 1500
tcpdump: WARNING: arptype 65534 not supported by libpcap - falling back to cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type LINUX_SLL (Linux cooked), capture size 1500 bytes
12:37:14.830886 IP 10.70.6.102.45755 > 10.85.0.11.domain: 54649+ AAAA? mirrors.arsc.edu. (34)
12:37:14.909903 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 4, length 64
12:37:15.909625 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 5, length 64
12:37:16.910638 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 6, length 64
12:37:17.910379 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 7, length 64
12:37:18.910228 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 8, length 64
12:37:19.831129 IP 10.70.6.102.57366 > 10.85.0.10.domain: 29428+ AAAA? mirrors.arsc.edu.unix. (39)
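
The check suggested in the quoted message (is anything coming back on tun0?), as an added example that is not part of the original message: a short Python script that counts packets sent and received per routed subnet in saved tcpdump text. The function names are hypothetical; the first three capture lines are taken from the output above and the last two are constructed.

```python
import ipaddress
import re

# Matches tcpdump "-n" IPv4 lines; an optional fifth dotted field is the port.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.[\w-]+)? > (\d+\.\d+\.\d+\.\d+)(?:\.[\w-]+)?:"
)

# First three lines: from the capture in this message. Last two: constructed.
CAPTURE = """\
12:37:14.830886 IP 10.70.6.102.45755 > 10.85.0.11.domain: 54649+ AAAA? mirrors.arsc.edu. (34)
12:37:14.909903 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 4, length 64
12:37:15.909625 IP 10.70.6.102 > 10.85.0.10: ICMP echo request, id 47403, seq 5, length 64
12:40:01.000100 IP 10.70.6.102 > 10.92.0.20: ICMP echo request, id 1, seq 1, length 64
12:40:01.041200 IP 10.92.0.20 > 10.70.6.102: ICMP echo reply, id 1, seq 1, length 64
"""

def traffic_by_subnet(capture, local_ip, subnets):
    """Return {subnet: [sent, received]} as seen from local_ip on the tunnel."""
    local = ipaddress.ip_address(local_ip)
    nets = [ipaddress.ip_network(s) for s in subnets]
    counts = {str(n): [0, 0] for n in nets}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # warnings, banners, non-IPv4 lines
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if src == local:
            peer, slot = dst, 0   # outbound: we sent it
        elif dst == local:
            peer, slot = src, 1   # inbound: return traffic
        else:
            continue
        for n in nets:
            if peer in n:
                counts[str(n)][slot] += 1
    return counts

def one_way(counts):
    """Subnets we sent packets to but never heard back from."""
    return sorted(net for net, (sent, recv) in counts.items() if sent and not recv)

if __name__ == "__main__":
    routed = ["10.85.0.0/16", "10.92.0.0/16", "172.27.0.0/16"]
    result = traffic_by_subnet(CAPTURE, "10.70.6.102", routed)
    for net, (sent, recv) in result.items():
        print(f"{net}: sent={sent} received={recv}")
    print("no return traffic from:", one_way(result))
```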