← Back to team overview

ubuntu-phone team mailing list archive

  1. ubuntu-phone team
  2. Mailing list archive
  3. Message #16755

VPN over BQ as hotspot

  Thread PreviousDate PreviousThread Next 

Hello,

I'm configuring a VPN connection between my netbook and the host in my company.
The netbook is connected to the BQ as hotspot with the internal IP 10.42.0.103
and the remote host is 193.31.11.196.

netbook (10.42.0.103) ---> BQ(hotspot) ---> (Internet) --> 193.31.11.196

(all tcpdump is collected inside the netbook on the wlan interface)

The VPN authentication to the VPN host goes fine:
...
21:03:56.661733 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
21:03:56.662110 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
21:03:59.270637 IP 193.31.11.196.500 > 10.42.0.103.500: isakmp: phase 2/others R #6[E]
21:03:59.597103 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
21:04:00.790390 IP 193.31.11.196.500 > 10.42.0.103.500: isakmp: phase 2/others R inf[E]
21:04:00.790781 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
21:04:00.901617 IP 193.31.11.196.500 > 10.42.0.103.500: isakmp: phase 2/others R oakley-quick[E]
21:04:00.902127 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
21:04:00.903410 IP 10.42.0.103.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
21:04:02.040373 IP 193.31.11.196.500 > 10.42.0.103.500: isakmp: phase 2/others R oakley-quick[E]
21:04:02.370263 IP 193.31.11.196.500 > 10.42.0.103.500: isakmp: phase 2/others R inf[E]

The VPN-client brings up the interface tun0 in my netbook and all routing goes
to it; when I now direct traffic to the VPN tunnel the ESP goes out via
the wlan to the BQ but nothing comes back:

21:04:42.758349 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x1), length 92
21:04:47.766073 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x2), length 92
21:04:52.794706 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x3), length 92
21:04:57.829285 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x4), length 92
21:06:30.418349 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x5), length 92
21:06:35.425389 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x6), length 92
21:06:37.430867 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x7), length 92
21:06:47.432489 IP 10.42.0.103 > 193.31.11.196: ESP(spi=0x06170123,seq=0x8), length 92

It looks like incoming trafic on the mobile data interface of the BQ is not NATed back
to the IP 10.42.0.103 of the netbook.

Any ideas?

	matthias
-- 
Matthias Apitz, ✉ guru@xxxxxxxxxxx, 🌐 http://www.unixarea.de/  ☎ +49-176-38902045

Follow ups

  Thread PreviousDate PreviousThread Next