Hello.
I'm trying to connect to my company's VPN, and I'm having trouble using shrew: it can establish a connection and open a tunnel, but no traffic flows. I can't even ping Google's DNS, for example. I obviously run iked, and this is my interface situation, both without and with the tunnel enabled:
No tunnel:
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 80:fa:5b:2f:a1:61 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wifi0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.107 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::4933:c28:34fe:a7e9 prefixlen 64 scopeid 0x20<link>
ether 44:85:00:91:31:ce txqueuelen 1000 (Ethernet)
RX packets 2973 bytes 2180884 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2589 bytes 423556 (413.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Tunnel enabled:
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 80:fa:5b:2f:a1:61 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 41 bytes 3290 (3.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41 bytes 3290 (3.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap0: flags=67<UP,BROADCAST,RUNNING> mtu 1380
inet 10.240.0.150 netmask 255.255.255.0 broadcast 10.240.0.255
inet6 fe80::6437:dff:fecc:4a58 prefixlen 64 scopeid 0x20<link>
ether 66:37:0d:cc:4a:58 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wifi0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.107 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::4933:c28:34fe:a7e9 prefixlen 64 scopeid 0x20<link>
ether 44:85:00:91:31:ce txqueuelen 1000 (Ethernet)
RX packets 3392 bytes 2285941 (2.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2905 bytes 474231 (463.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
So the interface is correctly initialized.
Shrew output is also okay:
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
server cert configured
bringing up tunnel ...
network device configured
tunnel enabled
This is the output of tcpdump while I was pinging 8.8.8.8. As you can see, there are no packets going out or coming in, on either wifi0 or tap0:
$ sudo tcpdump -n -vv icmp
tcpdump: listening on wifi0, link-type EN10MB (Ethernet), capture size 262144 bytes
$ sudo tcpdump -n -vv icmp -i tap0
tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size 262144 bytes
Things are fine again as soon as I disconnect from the VPN:
$ sudo tcpdump -n -vv icmp
tcpdump: listening on wifi0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:02:18.508777 IP (tos 0x0, ttl 64, id 33572, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.0.107 > 8.8.8.8: ICMP echo request, id 3050, seq 110, length 64
22:02:18.551801 IP (tos 0x0, ttl 45, id 0, offset 0, flags [none], proto ICMP (1), length 84)
8.8.8.8 > 192.168.0.107: ICMP echo reply, id 3050, seq 110, length 64
22:02:19.510027 IP (tos 0x0, ttl 64, id 33787, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.0.107 > 8.8.8.8: ICMP echo request, id 3050, seq 111, length 64
22:02:19.549637 IP (tos 0x0, ttl 45, id 0, offset 0, flags [none], proto ICMP (1), length 84)
8.8.8.8 > 192.168.0.107: ICMP echo reply, id 3050, seq 111, length 64
I also read this topic https://lists.shrew.net/pipermail/vpn-h … 00950.html and tried to set those parameters using /etc/sysctl.d/10-network.conf, with no success: the parameters are correctly set, but even after a reboot nothing changes.
Any help is appreciated, I really am out of ideas. I should also say that shrew for Windows and Mac works without a single flaw, and that a colleague of mine on Ubuntu has the same problem (although I didn't look at the tcpdump output there, I guess it would be the same).
EDIT: alternative software is OK, if I can get some help configuring it. All I have is a config file.
EDIT 2: I forgot to include the output of route -n, in case it helps:
No tunnel:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 303 0 0 wifi0
192.168.0.0 0.0.0.0 255.255.255.0 U 303 0 0 wifi0
Tunnel:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.240.0.150 0.0.0.0 UG 0 0 0 tap0
0.0.0.0 192.168.0.1 0.0.0.0 UG 303 0 0 wifi0
10.240.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.0.0 0.0.0.0 255.255.255.0 U 303 0 0 wifi0
[OMITTED, VPN IP] 192.168.0.1 255.255.255.255 UGH 0 0 0 wifi0
Last edited by guagno333 (2016-09-21 20:18:41)
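An added example, not part of the original post: a simplified model of kernel route selection (longest prefix first, then lowest metric) applied to the two `route -n` tables above, to show which interface a ping to 8.8.8.8 is sent through in each state. The names `NO_TUNNEL`, `TUNNEL`, `parse_routes` and `egress` are hypothetical, and 203.0.113.10 is a constructed placeholder for the VPN address the post omits.

```python
import ipaddress

# `route -n` tables copied from the post. The VPN server address is omitted
# there; 203.0.113.10 is a constructed placeholder (documentation range).
NO_TUNNEL = """\
Destination  Gateway       Genmask          Flags Metric Ref Use Iface
0.0.0.0      192.168.0.1   0.0.0.0          UG    303    0   0   wifi0
192.168.0.0  0.0.0.0       255.255.255.0    U     303    0   0   wifi0
"""
TUNNEL = """\
Destination  Gateway       Genmask          Flags Metric Ref Use Iface
0.0.0.0      10.240.0.150  0.0.0.0          UG    0      0   0   tap0
0.0.0.0      192.168.0.1   0.0.0.0          UG    303    0   0   wifi0
10.240.0.0   0.0.0.0       255.255.255.0    U     0      0   0   tap0
192.168.0.0  0.0.0.0       255.255.255.0    U     303    0   0   wifi0
203.0.113.10 192.168.0.1   255.255.255.255  UGH   0      0   0   wifi0
"""

def parse_routes(text):
    """Parse `route -n` rows into dicts; header and title lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        # Genmask -> prefix length by counting set bits (0.0.0.0 -> /0).
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
            "gateway": f[1], "metric": int(f[4]), "iface": f[7],
        })
    return routes

def egress(table, dest):
    """Return (iface, gateway) for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in parse_routes(table) if addr in r["net"]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["iface"], best["gateway"]

if __name__ == "__main__":
    for name, table in (("no tunnel", NO_TUNNEL), ("tunnel", TUNNEL)):
        for dest in ("8.8.8.8", "203.0.113.10"):
            print(f"{name:9} {dest:13} -> {egress(table, dest)}")
```

With the tunnel up, the metric-0 default route sends 8.8.8.8 to tap0, which is consistent with the empty capture on wifi0; it does not account for the empty capture on tap0.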