Well.I'm a newbie in the area of openswan. I just installed the software yesterday actually ! It my first time to post letters in this maillist.Anyway I am willing do my best to give you some advice, OK?<br><br>Firstly I want to confirm the network scenario you discribed. In your picture, i guess you want to connect two subnets <a href="http://192.168.100.254/" target="_blank">192.168.100.0/24</a> and <a href="http://192.168.100.0/24" target="_blank">192.168.0.0/24</a> through a network in an ipsec way,right? My question is that which IPsec mode do you use, transport or tunnel mode? and another question is that : is the NAT configured well in your gateway to let the packet to go through? <br>
<br>if your IPsec gateways in two sides are using the transport mode with no NAT functionality, the ping packet can not forward to the destination, because there is no proper route not only in the gateway but also in the internet.<br>
<br>if your Ipsec gateways are using the transport mode and with right NAT functionality, the ping program will work without problem, as for NAT works~~. (now the openswan can go through the NAT)<br><br>if your IPsec gateways are using the tunnel mode, the ping program will also work well, no matter whether the NAT is enabled.Because the ping packets were encapsulated and sent by the gateways which is connected already.<br>
<br>That is all I know. if there is someting wrong, just point out .I hope you will make it. Have fun~~!<br><br><div class="gmail_quote">2008/5/25 <<a href="mailto:users-request@openswan.org">users-request@openswan.org</a>>:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Message: 2<br>
Date: Mon, 26 May 2008 09:10:23 +0530<br>
From: "Chandrakant Solanki" <<a href="mailto:solanki.chandrakant@gmail.com">solanki.chandrakant@gmail.com</a>><br>
Subject: [Openswan Users] Ping Problem<br>
To: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Message-ID:<br>
<<a href="mailto:3bf515fb0805252040m3cda2b63lead21639029a4929@mail.gmail.com">3bf515fb0805252040m3cda2b63lead21639029a4929@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi All,<br>
<br>
[left]<br>
[right]<br>
<a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> ====== <a href="http://219.64.11.125" target="_blank">219.64.11.125</a> ------ <a href="http://219.64.11.1" target="_blank">219.64.11.1</a> <=========><br>
<a href="http://123.201.52.1" target="_blank">123.201.52.1</a> --------- <a href="http://123.201.52.225" target="_blank">123.201.52.225</a> ====== <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
Ipsec Server IP: <a href="http://192.168.100.254" target="_blank">192.168.100.254</a><br>
Ipsec Server IP: <a href="http://192.168.0.254" target="_blank">192.168.0.254</a><br>
<br>
This is my network scenario, I have setup my ipsec with 4 pc's network.. and<br>
implemented IPSec successfully. I am pining only those PC who has local<br>
gateway <a href="http://192.168.100.254" target="_blank">192.168.100.254</a> or <a href="http://192.168.0.254" target="_blank">192.168.0.254</a> on both side.<br>
<br>
<br>
My question is that ....<br>
<br>
Is it necessary to set gateway [<a href="http://192.168.100.254" target="_blank">192.168.100.254</a>] for all the pc who is<br>
belongs to <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> network or it is not necessary on both side.<br>
<br>
Help me out.<br>
<br>
--<br>
Regards,<br>
<br>
Chandrakant Solanki<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://lists.openswan.org/pipermail/users/attachments/20080526/2684c74d/attachment.html" target="_blank">http://lists.openswan.org/pipermail/users/attachments/20080526/2684c74d/attachment.html</a><br>
<br>
-</blockquote></div><br>