Friday, October 24, 2014

Troubleshooting INET Routing - Linux IPsec (Racoon) HQ to Cisco Router Remote Site

Thursday, October 23, 2014
I have two devices. I have a Cisco 29xx series router with datak9 and securityk9 enabled. I also have a Linux machine acting as a server at the main location running Shorewall. I am trying to configure the remote location (with the Cisco router) to connect to the Linux server in order to communicate across the two LAN segments. I also would like to have all internet traffic routed from the remote location through the main location and through a firewall.

I modified /etc/iproute2/rt_tables and added a separate line with: 1002 IPsec, and configured an IP route and IP rules for this new table so that the IPsec traffic should use it.

Code:
#Configure IP Rules for Remote
ip rule add from 192.168.5.0/24 table 1002
#Configure IP Routes for Remote
ip route add default via 192.168.3.1 dev eth0 table 1002

I am seeing the traffic go from the 192.168.5.0/24 network through the tunnel, out to the HQ router and out to the internet, but when I do a tcpdump -i any, I see duplicate packets with the same sequence number. I can also ping and traceroute, but I cannot get internet traffic working. If I set up the Linux server to NAT the traffic out of its eth1 interface, internet works, but with a lot of latency due to a bunch of RESET packets being sent.

Basic Topology Diagram: Attachment 16738

racoon.conf:
Code:
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.key";
log notify; # log verbosity and set to 'notify' when debug complete ...
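The post's policy-routing setup (an extra rt_tables entry, a source-based `ip rule`, and a default route in that table) can be checked offline before touching a live box. The following is an added example, not code from the post or from iproute2: it parses the rt_tables file format, flags a new table id that collides with the reserved local/main/default/unspec entries, and emulates the rule-walk the kernel performs for `ip route get <dst> from <src>`, so you can see which table and next hop a given source/destination pair ends up with. The rt_tables text, the routes, the eth1 next hop 203.0.113.1 and the rule priority 32765 (what an `ip rule add` without `pref` normally receives on a stock rule set) are constructed assumptions; only table 1002/IPsec, 192.168.5.0/24 and 192.168.3.1 come from the post.

```python
"""Offline check of an rt_tables entry and the ip-rule lookup it drives.

Added example; the rt_tables text, routes, 203.0.113.1 and priority 32765
are constructed assumptions, not configuration from the post.
"""
import ipaddress

# Table ids that ship in /etc/iproute2/rt_tables; a new entry must not reuse them.
RESERVED_TABLES = {0: "unspec", 253: "default", 254: "main", 255: "local"}

# Constructed: a stock rt_tables plus the single line the post adds.
RT_TABLES_TEXT = """\
# reserved values
255\tlocal
254\tmain
253\tdefault
0\tunspec
1002\tIPsec
"""

# Rules as (priority, source prefix or None, table name). 32765 is assumed to be
# the priority 'ip rule add from 192.168.5.0/24 table 1002' gets without 'pref'.
RULES = [(0, None, "local"), (32765, "192.168.5.0/24", "IPsec"),
         (32766, None, "main"), (32767, None, "default")]

# Routes per table as (prefix, next hop or None for a connected route, device).
# Constructed: main's default goes out eth1; table IPsec only holds the post's default.
ROUTES = {
    "local": [],
    "main": [("192.168.3.0/24", None, "eth0"), ("203.0.113.0/24", None, "eth1"),
             ("0.0.0.0/0", "203.0.113.1", "eth1")],
    "IPsec": [("0.0.0.0/0", "192.168.3.1", "eth0")],
    "default": [],
}


def parse_rt_tables(text):
    """Parse rt_tables content ('<id> <name>' per line, '#' comments) into {id: name}."""
    tables = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<id> <name>', got {raw!r}")
        tid_s, name = parts
        # iproute2 accepts decimal or 0x-prefixed hex ids.
        tid = int(tid_s, 16) if tid_s.lower().startswith("0x") else int(tid_s, 10)
        if not 0 <= tid <= 0xFFFFFFFF:
            raise ValueError(f"line {lineno}: table id {tid} out of range")
        if tid in tables or name in tables.values():
            raise ValueError(f"line {lineno}: duplicate table id or name in {raw!r}")
        tables[tid] = name
    return tables


def check_new_table(tables, tid, name):
    """Return the problems (empty list if none) with adding '<tid> <name>' to tables."""
    problems = []
    if tid in RESERVED_TABLES:
        problems.append(f"id {tid} is reserved for table '{RESERVED_TABLES[tid]}'")
    if tid in tables and tables[tid] != name:
        problems.append(f"id {tid} already names table '{tables[tid]}'")
    if name in tables.values() and tables.get(tid) != name:
        problems.append(f"name '{name}' is already used by another id")
    return problems


def lookup(rules, routes, src, dst):
    """Emulate 'ip route get <dst> from <src>': walk rules by priority, and in each
    matching rule's table take the longest-prefix route. A table with no matching
    route falls through to the next rule. Returns (table, next hop, dev) or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, from_net, table in sorted(rules, key=lambda r: r[0]):
        if from_net is not None and src not in ipaddress.ip_network(from_net):
            continue
        matches = [(ipaddress.ip_network(p), via, dev)
                   for p, via, dev in routes.get(table, ())
                   if dst in ipaddress.ip_network(p)]
        if matches:
            _net, via, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, via, dev
    return None


def describe(src, dst):
    hit = lookup(RULES, ROUTES, src, dst)
    if hit is None:
        return f"{src} -> {dst}: unreachable"
    table, via, dev = hit
    return f"{src} -> {dst}: table {table} via {via or 'connected'} dev {dev}"


if __name__ == "__main__":
    tables = parse_rt_tables(RT_TABLES_TEXT)
    print(check_new_table(tables, 1002, "IPsec"))
    print(check_new_table(tables, 254, "IPsec"))
    for pair in [("192.168.5.10", "8.8.8.8"), ("192.168.3.50", "8.8.8.8"),
                 ("192.168.5.10", "192.168.3.50")]:
        print(describe(*pair))
```

The third lookup is the caveat worth noticing: because table 1002 holds only a default route, a remote-LAN packet bound for the HQ LAN itself is also handed to 192.168.3.1 on eth0 and the main table's connected route is never consulted. The usual fix is to copy the connected routes into the extra table or add a higher-priority rule for the local LAN; whether that matters in the post's topology depends on how 192.168.3.1 handles such traffic.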
