<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1561" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Tahoma size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT face=Arial size=2>Hi,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have the following setup:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>(192.168.0.253) - Local laptop running
FC6</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(xxx.xxx.xxx.xxx)/(192.168.0.1) - Local
server/firewall/router running FC6</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>-- internet</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(yyy.yyy.yyy.yyy) - Remote WatchGuard SOHO 6 VPN
box</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(aaa.aaa.aaa.aaa) - Remote network</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>When I run Openswan from my laptop to set up a
net-to-net tunnel (pre-shared key) through the SOHO 6 VPN box, all works
well; I can see all machines on the remote net
through the tunnel as expected. However, if I run Openswan on my local server
machine and change the conn details appropriately to
use its local address (192.168.0.1) and the correct eth
device (as this has 2), then the tunnel comes up but I can't see the
remote net. Pinging seems not to go down the tunnel, i.e. I get ICMP replies back
from routers on my internet subnet, hence I can't see the remote subnet from
this machine. I've obviously missed something here. Note that I'm trying to do
this without touching any other parameters on any other box, i.e. no changes to
my local server or WatchGuard box, just by changing Openswan conn parameters
alone. Is this possible?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I can post conn files and 'ipsec verify' output etc. if
needed; indeed, 'ipsec verify' when run on my server machine does complain
about ICMP redirects, but as said above I don't want to change anything at the
machine level if I can help it.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks in advance</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Steve H.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>