<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:"Trebuchet MS";
color:navy;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
p.section1, li.section1, div.section1
{margin-right:0cm;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Hi all,</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Sorry if this
problem has all ready been posted about.</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Our current setup
looks like this:</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
(LEFT)
(RIGHT)</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> 10.1.8.0/255.255.248.0
10.2.30.0/255.255.255.0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
\
/</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
\
/</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> eth0
(10.1.8.1) ipsec0 ~~~~~~~~~~~~~~~~~~
ipsec0 eth1 (10.2.30.1)</span></font></p>
<p class=MsoNormal style='text-indent:36.0pt'><font size=2 color=navy
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:navy'> \
/
\
/</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
Gateway
Regional</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
(xxx.yyy.67.9)/ \(xxx.yyy.67.2)
(vvv.www.222.42)/</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
eth2 (DMZ) eth1---------\
/---------ppp0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
/
(Internet)</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
/</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
xxx.yyy.67.8/29</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Basically I want
to route all traffic from the Regional Gateway (right) to the DMZ on the left
through the ipsec0 interface (to allow for services that are firewalled off
from Internet traffic.</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>ipsec.conf on the
Gateway looks like this:</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>conn home-away</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
type=tunnel</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
left=xxx.yyy.67.2</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftnexthop=xxx.yyy.67.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftsubnet=10.0.0.0/255.0.0.0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftsourceip=10.1.8.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
right=vvv.www.222.42</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightnexthop=vvv.www.14.16</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightsubnet=10.2.30.0/255.255.255.0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightsourceip=10.2.30.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
keyexchange=ike</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
auth=esp</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
authby=secret</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
esp=3des-sha1-96</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
pfs=yes</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
compress=yes</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
auto=start</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>ipsec.conf on
Regional looks like this:</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>conn home-away</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
type=tunnel</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
left=vvv.www.222.42</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftnexthop=vvv.www.14.16</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftsubnet=10.2.30.0/255.255.255.0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
leftsourceip=10.2.30.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
right=xxx.yyy.67.2</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightnexthop=xxx.yyy.67.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightsubnet=10.0.0.0/255.0.0.0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
rightsourceip=10.1.8.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
keyexchange=ike</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
auth=esp</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
authby=secret</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
esp=3des-sha1-96</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
pfs=yes</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
compress=yes</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>
auto=start</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>The routing table
on Regional looks like this:</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Kernel IP routing
table</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Destination
Gateway Genmask
Flags Metric Ref Use Iface</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>vvv.www.14.16 0.0.0.0
255.255.255.255 UH 0 0
0 ppp0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>vvv.www.14.16
0.0.0.0 255.255.255.255
UH 0 0
0 ipsec0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>10.2.30.0
0.0.0.0
255.255.255.0 U
0 0 0
eth1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>10.0.0.0
vvv.www.14.16 255.0.0.0
UG 0 0
0 ipsec0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>0.0.0.0
vvv.www.14.16 0.0.0.0
UG 0 0
0 ppp0</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>If I manually add
a route thusly:</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>ip route add xxx.yyy.67.8/29
dev ipsec0 src 10.2.30.1; OR</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>ip route add
xxx.yyy.67.8/29 via vvv.www.14.16 dev ipsec0 src 10.2.30.1</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Then I can see
the traffic going out on the ipsec0 interface on Regional but not coming in on
ipsec0 on Gateway.</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>I get the feeling
that I've got a fundamental misunderstanding of the way this is all put
together. Any help what-so-ever will be greatly appreciated.</span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:navy'>Kind regards</span></font></p>
<p class=section1><font size=1 color=navy face="Courier New"><span
style='font-size:9.0pt;font-family:"Courier New";color:navy'>--<br>
David Green<br>
<br>
</span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
</body>
</html>