<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Odd. Your left WAN IP appears to be on the same subnet as the left
LAN. I don't see that working. Are you sure of your set up?<br>
<br>
On 09/07/2010 19:24, Ryan McLeod wrote:
<blockquote
cite="mid:AANLkTimTwLxzvcFzn1y6qzot5OYISOTWlHx5loj_FnEZ@mail.gmail.com"
type="cite">connection config looks like:<br>
<br>
<i>conn tunnelipsec<br>
type=tunnel<br>
authby=secret<br>
left=192.168.92.128<br>
leftnexthop=192.168.92.2<br>
leftsubnet=<a moz-do-not-send="true"
href="http://192.168.92.0/24">192.168.92.0/24</a><br>
right=200.200.200.1<br>
rightnexthop=200.200.200.2<br>
rightsubnet=<a moz-do-not-send="true"
href="http://192.168.1.0/24">192.168.1.0/24</a><br>
esp=3des-md5<br>
keyexchange=ike<br>
pfs=no<br>
auto=star</i>t<br>
<br>
The connection establishes just fine. On the openswan server, if i
ping 192.168.1.5, a host on the remote network, the traffic goes
through the tunnel encrypted. if i ping that host from the local
subnet, it goes over the wire unencrypted. Looking at the route
table on the openswan box, there is no entry for the remote
network:<br>
<br>
Destination Gateway
Genmask <br>
192.168.92.0 *
255.255.255.0<br>
link-local *
255.255.0.0<br>
default 192.168.92.2 0.0.0.0<br>
<br>
I initialize the tunnel with: ipsec auto --up tunnelipsec<br>
<br>
I have added to iptables:<br>
<br>
<pre><font style="font-family: arial,helvetica,sans-serif;" size="2">$IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 500 -j ACCEPT
</font><font><font style="font-family: arial,helvetica,sans-serif;" size="2">$IPTABLES -A INPUT -p udp --dport 4500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 4500 -j ACCEPT</font></font>
<font style="font-family: arial,helvetica,sans-serif;" size="2">
$IPTABLES -t mangle -A PREROUTING -i eth1 -p esp -j MARK --set-mark 1
$IPTABLES -A FORWARD -i eth1 -m mark --mark 1 -d <a moz-do-not-send="true" href="http://192.168.2.0/24">192.168.2.0/24</a> -j ACCEPT
Any help is appreciated,
Thanks.
</font></pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a>
Building and Integrating Virtual Private Networks with Openswan:
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
</body>
</html>