<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16587" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>It depends what you want to do.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>If you want to route additional traffic through the tunnel,
you must add additional</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>conn and subnet definitions.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>If you're just talking plain routing in your LAN or whatever,
no IPsec involved, then</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>read the man pages for ip route. If you're looking for
advanced routing and/or QoS,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>then it gets quite complicated. Perhaps you could elaborate
more on what you're trying</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>to do? The more detail you provide the easier it will be to
answer. If you're just looking</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>to learn in general then consult the documentation howtos,
man pages, etc...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>To learn iptables, there is good documentation to get you
started at the iptables</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2>main site, netfilter.org. There are good links for advanced
routing at:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=078174418-21012008><FONT face=Arial
color=#0000ff size=2><A
href="http://en.wikipedia.org/wiki/Iproute2">http://en.wikipedia.org/wiki/Iproute2</A></FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
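<DIV>An added example, not part of any message in this thread: an offline check of the two conditions discussed here, that the conn carries subnet definitions covering both hosts, and that a LAN host such as 172.168.8.3 sends traffic for 192.168.2.0/24 to 172.168.8.110 (the routing advice in the earlier reply quoted below). The conn name, the left/right assignment read off the diagram, the 172.168.8.1 default gateway and all helper function names are assumptions.</DIV>

```shell
# Added example; all inputs are constructed samples. Conn name "linksys" and
# the default gateway 172.168.8.1 are hypothetical.

# in_cidr IP CIDR: succeed if IPv4 address IP lies inside CIDR.
in_cidr() {
    awk -v ip="$1" -v net="$2" '
    function n(a,  o) { split(a, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    BEGIN { split(net, p, "/"); size = 2 ^ (32 - p[2])
            exit !(int(n(ip) / size) == int(n(p[1]) / size)) }'
}
# conn_covers CONF LOCAL_IP REMOTE_IP: succeed if the (single) conn in CONF has
# a leftsubnet containing LOCAL_IP and a rightsubnet containing REMOTE_IP.
conn_covers() {
    l=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*leftsubnet=//p')
    r=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*rightsubnet=//p')
    [ -n "$l" ] && [ -n "$r" ] && in_cidr "$2" "$l" && in_cidr "$3" "$r"
}
# next_hop ROUTES DEST: longest-prefix match over saved `ip route show` text
# (plain unicast lines only). Prints the gateway, "onlink", or "none".
next_hop() {
    printf '%s\n' "$1" | {
        best=-1 hop=none
        while read -r dst rest; do
            if [ "$dst" = default ]; then dst=0.0.0.0/0; fi
            case $dst in "") continue ;; */*) ;; *) dst=$dst/32 ;; esac
            len=${dst#*/}
            if in_cidr "$2" "$dst" && [ "$len" -gt "$best" ]; then
                best=$len hop=onlink
                case $rest in "via "*) hop=${rest#"via "}; hop=${hop%% *} ;; esac
            fi
        done
        echo "$hop"
    }
}

# Tunnel between the two WAN addresses only, then with subnet definitions.
CONF_HOST_ONLY='conn linksys
    left=192.168.1.10
    right=192.168.1.12'
CONF_SUBNETS="$CONF_HOST_ONLY
    leftsubnet=172.168.8.0/24
    leftsourceip=172.168.8.110
    rightsubnet=192.168.2.0/24"
# Route table of 172.168.8.3 before and after adding the static route.
ROUTES_BEFORE='default via 172.168.8.1 dev eth0
172.168.8.0/24 dev eth0 proto kernel scope link src 172.168.8.3'
ROUTES_AFTER="$ROUTES_BEFORE
192.168.2.0/24 via 172.168.8.110 dev eth0"
echo "next hop for 192.168.2.2: $(next_hop "$ROUTES_BEFORE" 192.168.2.2) -> $(next_hop "$ROUTES_AFTER" 192.168.2.2)"
```

<DIV>On a live host, <CODE>ip route get 192.168.2.2</CODE> reports the kernel's actual choice for the same destination.</DIV>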
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> richard garcia
[mailto:splender99@gmail.com] <BR><B>Sent:</B> January 21, 2008 1:30
PM<BR><B>To:</B> petermcgill@goco.net<BR><B>Cc:</B>
users@openswan.org<BR><B>Subject:</B> Re: [Openswan Users] Openswan &
Linksys BEFSX41 VPN Router<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>Thanks Peter, I already have a successful VPN connection with Linux
OpenSWAN & Linksys BEFSX41 router using the configuration you listed
below; Linksys has similar settings. However, I'm not sure if it's okay
with you guys to ask the question: how can I route the traffic in Linux? I was
testing with routes and iptables but I'm not that good with Linux routing.
</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV> </DIV>
<DIV>Richard<BR><BR></DIV>
<DIV class=gmail_quote>On Jan 21, 2008 10:45 PM, Peter McGill &lt;<A
href="mailto:petermcgill@goco.net">petermcgill@goco.net</A>&gt; wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>To have
traffic flow to/from <A href="http://192.168.8.0/24"
target=_blank>192.168.8.0/24</A> and <A href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A> you need to have subnets in openswan for
them.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>ie)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>conn
&lt;whatever you have&gt;</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN> <FONT face=Arial
color=#0000ff size=2>leftsubnet=<A href="http://172.168.8.0/24"
target=_blank>172.168.8.0/24</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN> <FONT face=Arial
color=#0000ff size=2>leftsourceip=<A href="http://172.168.8.110/"
target=_blank>172.168.8.110</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN> <FONT face=Arial
color=#0000ff size=2>rightsubnet=<A href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Don't
know the linksys settings to match this, but the linksys will also need the
left/right subnets set in the ipsec settings.</FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Also,
the hosts in <A href="http://172.168.8.0/24"
target=_blank>172.168.8.0/24</A> will need to know to route traffic for <A
href="http://192.168.2.0/24" target=_blank>192.168.2.0/24</A> to <A
href="http://172.168.8.110/" target=_blank>172.168.8.110</A>, either by
having</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2><A
href="http://172.168.8.110/" target=_blank>172.168.8.110</A> as the default
gateway for the subnet or by putting a static route on the default gateway
to forward traffic </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>for <A href="http://192.168.2.0/24"
target=_blank>192.168.2.0/24</A> to <A href="http://172.168.8.110/"
target=_blank>172.168.8.110</A>.</FONT> </SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV lang=en-us dir=ltr align=left>
<HR>
<FONT face=Tahoma size=2><B>From:</B> <A
href="mailto:users-bounces@openswan.org"
target=_blank>users-bounces@openswan.org</A> [mailto:<A
href="mailto:users-bounces@openswan.org"
target=_blank>users-bounces@openswan.org </A>] <B>On Behalf Of </B>richard
garcia<BR><B>Sent:</B> January 19, 2008 10:16 AM<BR><B>To:</B> <A
href="mailto:users@openswan.org"
target=_blank>users@openswan.org</A><BR><B>Subject:</B> [Openswan Users]
Openswan & Linksys BEFSX41 VPN Router <BR></FONT><BR></DIV>
<DIV>
<DIV></DIV>
<DIV class=Wj3C7c>
<DIV></DIV>
<DIV>Hi, I'm new to openswan, I was able to establish a connection using
Ubuntu Openswan and a Linksys BEFSX41 VPN Router. Below is the
layout of the setup</DIV>
<DIV> </DIV>
<DIV> <A
href="http://192.168.1.10/"
target=_blank>192.168.1.10</A> WAN
<A href="http://192.168.1.12/" target=_blank>192.168.1.12</A></DIV>
<DIV>
<A href="http://172.168.8.110/24" target=_blank>172.168.8.110/24</A></DIV>
<DIV><A href="http://172.168.8.3/24"
target=_blank>172.168.8.3/24</A> ----------------------->
OPENSWAN -------------------------> BEFSX41
---------------------------------> <A href="http://192.168.2.2/24"
target=_blank>192.168.2.2/24 </A>(Windows)</DIV>
<DIV> </DIV>
<DIV>From <A href="http://192.168.2.2/" target=_blank>192.168.2.2</A>, I
can ping <A href="http://172.168.8.110/"
target=_blank>172.168.8.110</A>. However I need to
connect to <A href="http://172.168.8.3/" target=_blank>
172.168.8.3</A>, ping to this host is request timeout. From <A
href="http://172.168.8.110/" target=_blank>172.168.8.110</A>, cannot
ping any pcs in <A href="http://192.168.2.2/"
target=_blank>192.168.2.2</A>.</DIV>
<DIV>I'm not very good at iptables and routing in Linux, can anyone help
me?</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV> </DIV>
<DIV>splender99</DIV></DIV></DIV></BLOCKQUOTE></DIV></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></BODY></HTML>