<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.0.10">
</HEAD>
<BODY BGCOLOR="#ffffff">
OK,<BR>
<BR>
that I realize, but what route?<BR>
<BR>
I have everything to 10.20.0.0 routed to ipsec0. Here are my routes on the Right Server:<BR>
<BR>
Kernel IP routing table<BR>
Destination Gateway Genmask Flags Metric Ref Use Iface<BR>
10.210.21.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1<BR>
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0<BR>
10.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ipsec0<BR>
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo<BR>
0.0.0.0 192.168.200.200 0.0.0.0 UG 0 0 0 eth0<BR>
<BR>
I had a "192.168.200.0 0.0.0.0 255.255.255.0 ipsec0" but I ripped it off to test.<BR>
I also tried to change the "leftnexthop" and "rightnexthop", with no effect.<BR>
<BR>
This server (the Right Server) will have Qmail, Squid and other services that MUST communicate directly with servers inside the Left Network, and it's imperative that the traffic be secure.<BR>
<BR>
Any idea, Joao?<BR>
<BR>
Augusto Pizarro<BR>
Rio de Janeiro - RJ<BR>
Brazil<BR>
<BR>
<BR>
On Wed, 2007-02-07 at 11:12, Fernando Blankleder wrote:
<BLOCKQUOTE TYPE=CITE>
<FONT COLOR="#737373"><I> </FONT><BR>
<FONT COLOR="#737373" SIZE="2">Hi, ping packets originated from the server are going out from LO, not ETH1, and the tunnel only encrypts packets coming from ETH1.<BR>
You need to add a route.</FONT><BR>
<FONT COLOR="#737373"> </FONT><BR>
<FONT COLOR="#737373" SIZE="2">Fernando<BR>
Joao Pessoa - Paraiba<BR>
Bra[z][s]il</FONT>
<BLOCKQUOTE>
<FONT COLOR="#737373">----- Original Message ----- <BR>
<B>From:</B> </FONT><A HREF="mailto:augusto.pizarro@siemconsub.com.br"><U>Augusto Pizarro</U></A><BR>
<FONT COLOR="#737373"><B>To:</B> </FONT><A HREF="mailto:users@openswan.org"><U>users@openswan.org</U></A><BR>
<FONT COLOR="#737373"><B>Sent:</B> Wednesday, February 07, 2007 9:11 AM<BR>
<B>Subject:</B> [Openswan Users] Clients in the right network are OK but packets from rightserver misroute<BR>
<BR>
Maybe a silly problem, but for a stupid guy like me it is a huge problem....<BR>
<BR>
The machines are not in production and the internet is emulated by another linux box with only ip_forward = 1.<BR>
<BR>
Right Network Right Server Left Server Left Network<BR>
10.210.21.0------10.210.21.1/192.168.200.100 ---(internet)---200.178.78.1/10.20.10.60-----10.20.0.0<BR>
eth1 eth0 eth0 eth1<BR>
<BR>
Any network test from the Right Clients to the Left Network is OK.<BR>
Any test directly from the Right Server to the Left Network is NOT OK.<BR>
<BR>
SUMMARIZING: The Right clients are OK but the Right server itself is NOT!!! Really stupid!!<BR>
<BR>
The IPSEC tunnel is OK, the packets are encrypted between the eth0's, but only if they come from the Right Network Clients.<BR>
One more piece of information: the Left Server can ping the Right Server, but only if we do a "ping 10.210.21.1 -I eth1".<BR>
<BR>
In IPTRAF I can see "ICMP dest unrch from 10.210.21.1 to 10.210.21.1 on lo" on the Right Server when trying to ping the Left Server.<BR>
<BR>
Maybe I have to create another tunnel just for the traffic from the server to the Left Network.<BR>
<BR>
Regards,<BR>
Augusto Pizarro<BR>
Rio de Janeiro - Brazil</I></FONT><BR>
</BLOCKQUOTE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
Augusto Pizarro<BR>
Support Analyst<BR>
55 21 3515-9751<BR>
<BR>
Siemconsub<BR>
Av Rio Branco 108 - 28<BR>
Rio de Janeiro - RJ - Brazil<BR>
20040-001
</TD>
</TR>
</TABLE>
</BODY>
</HTML>