<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi to all, I've a little problem with my
configuration: it doesn't work!</FONT></DIV>
<DIV><FONT face=Arial size=2>Pls help!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I run openswan 2.3.0 on a Fedora Core 2 server
configured as shown below:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>eth1
eth0
router</FONT></DIV>
<DIV><FONT face=Arial
size=2>10.217.137.0/26-------192.168.1.2------192.168.1.1======PUBLIC_STATIC_IP</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The public_static ip is natted to
192.168.1.2.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The subnet configured on eth1 is
masqueraded.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>iptables -t nat -A POSTROUTING -s 10.217.137.0/26
-o eth0 -j MASQUERADE</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I've installed openswan with the rpm found through <A
href="http://www.openswan.org">www.openswan.org</A> </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Here is my ipsec.conf:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>version 2.0</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>config
setup<BR>
interfaces=%defaultroute<BR>
nat_traversal=yes<BR>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.1.0/24,%v4:192.168.3.0/24</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>conn
%default<BR>
keyingtries=1<BR>
compress=yes<BR>
disablearrivalcheck=no<BR>
authby=rsasig<BR>
leftrsasigkey=%cert<BR>
rightrsasigkey=%cert</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>conn
roadwarrior-net<BR>
leftsubnet=10.217.137.0/26<BR>
also=roadwarrior</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>conn
roadwarrior<BR>
left=%defaultroute<BR>
leftcert=/etc/ipsec.d/certs/certificato.pem<BR>
right=%any<BR>
rightsubnet=vhost:%no,%priv<BR>
auto=add<BR>
pfs=yes</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>include
/etc/ipsec.d/examples/no_oe.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The tunnel starts correctly.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I've one switch directly connected to eth1, and
another switch connected to the previous one.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I can ping all things connected to the first switch
and NOTHING connected to the other.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>LAN config is ok because I can ping everything from
the gateway itself.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks</FONT></DIV>
<DIV><FONT face=Arial><BR><FONT size=2></FONT></FONT></DIV></BODY></HTML>