Re: silly vpn problems ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: silly vpn problems ?
- From: chakl_(_at_)_syscall_(_dot_)_de (Olaf Schreck)
- Date: Wed, 26 May 2004 21:35:22 +0200
Thomas,
> after spending weeks on reading, tutorials, other postings and f** manuals
> about setting up vpn using ipsec (isakmpd) without success, I decided trying
> to find help in this mailing list.
You should go for more structured debugging rather than just dumping
your config. Try to narrow down the problem and provide logs that
show what you did, what works and what doesn't.
- drop all firewall rules (pass all) first, and turn them back on once
  you've got the VPN setup running. At this point you might know whether
  the VPN is fine, and you excluded the firewall problem class temporarily.
- verify that both VPN gateways can talk IP to each other (ping and/or
  otherwise connect). This excludes the connectivity/routing problem class.
- start the isakmpd's on both gateways and sniff the ISAKMP negotiation
  (tcpdump -vvn -i fxp0 -s 1500 udp port 500 [syntax typed from memory,
  check the man page]). This will tell you whether the gateways succeed
  or fail establishing the tunnel, and usually reveals configuration
  issues.
- if configured and negotiated correctly, both protected networks should
  be able to talk IP to each other (still assuming no firewall rules).
  If this is the case, the VPN is working, goto firewall debugging.
  Otherwise, you most certainly have an isakmpd config error.
- enable isakmpd debugging and check the syslog output, might give a clue
  if things don't work.
ciao,
chakl
--
Olaf Schreck chakl_(_at_)_syscall_(_dot_)_de syscall() Network Solutions, Berlin
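
An added example, not part of the original message: a small shell helper for the tcpdump step of the checklist above. It reads a saved text capture of `udp port 500` traffic and reports whether ISAKMP packets flowed in one direction or both. The function names, the addresses (documentation ranges) and the sample capture lines are constructed; the parser assumes only tcpdump's numeric `src.port > dst.port:` form.

```shell
#!/bin/sh
# Added example. Classify a text capture of UDP/500 traffic by direction.
# Usage: tcpdump ... udp port 500 > cap.txt; isakmp_direction LOCAL PEER < cap.txt
# Prints one of: none, outbound-only, inbound-only, two-way
isakmp_direction() {
    awk -v l="$1" -v p="$2" '
        {
            # Find the ">" separator: source is the field before, destination after.
            for (i = 2; i < NF; i++) if ($i == ">") {
                src = $(i-1); dst = $(i+1); sub(/:$/, "", dst)
                if (src == l ".500" && dst == p ".500") out++
                if (src == p ".500" && dst == l ".500") inb++
                break
            }
        }
        END {
            if (out && inb) print "two-way"
            else if (out)   print "outbound-only"
            else if (inb)   print "inbound-only"
            else            print "none"
        }'
}

# Map the result onto the checklist: which problem class to look at next.
next_step() {
    case "$1" in
        two-way)       echo "peers are negotiating: read the exchange and isakmpd debug output" ;;
        outbound-only) echo "peer never answers: recheck connectivity and firewall rules" ;;
        inbound-only)  echo "local isakmpd never answers: is it running, is udp/500 passed?" ;;
        *)             echo "no ISAKMP traffic seen: check interface, filter and isakmpd startup" ;;
    esac
}

# Constructed sample captures (payload text elided, not real traffic).
SAMPLE_ONE_SIDED='21:35:01.000001 192.0.2.1.500 > 198.51.100.7.500: isakmp [elided]
21:35:08.000002 192.0.2.1.500 > 198.51.100.7.500: isakmp [elided]'
SAMPLE_TWO_WAY='21:36:01.000001 IP 192.0.2.1.500 > 198.51.100.7.500: isakmp [elided]
21:36:01.050000 IP 198.51.100.7.500 > 192.0.2.1.500: isakmp [elided]'

for s in "$SAMPLE_ONE_SIDED" "$SAMPLE_TWO_WAY"; do
    d=$(printf '%s\n' "$s" | isakmp_direction 192.0.2.1 198.51.100.7)
    echo "$d: $(next_step "$d")"
done
```

Two-way traffic only shows that the peers are talking; whether the tunnel was actually established still has to be read from the exchange itself and from the isakmpd debug output.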