<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
That did it. Thanks Nick!<br>
<pre class="moz-signature" cols="72">Regards,
Ryan Davies</pre>
<br>
On 7/08/10 12:37 AM, Nick Howitt wrote:
<blockquote cite="mid:4C5C01EE.5000404@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi Ryan,<br>
<br>
You need lines with the left/rightsourceip in your conf:<br>
leftsourceip=192.168.1.1<br>
rightsourceip=192.168.0.1<br>
<br>
BTW for future flexibility I'd keep away from the 192.168.0.0/24
and 192.168.1.0/24 subnets as they are used by too many domestic
routers.<br>
<br>
Nick<br>
<br>
On 06/08/2010 08:08, Ryan Davies wrote:
<blockquote cite="mid:4C5BB4F4.6070005@professional.geek.nz"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hi All,<br>
<br>
Myself and my partner's father has set up a VPN so we can access
each others internal networks.<br>
<br>
Our topology is as following: (Example)<br>
<br>
Client A -> Server A
<-> Server B <- Client B<br>
192.168.1.6 192.168.1.1
192.168.0.1 192.168.0.6<br>
eth0: External IP<br>
eth1: Internal IP<br>
<br>
Client A can ping and access Server B and Client B<br>
Client B can ping and access Server A and Client A<br>
<br>
Server A cannot ping or access Server B and Client B<br>
Server B cannot ping or access Server A and Client A<br>
<br>
Firewall on Server A is set to full allow Server B's public IP<br>
Firewall on Server B is set to full allow Server A's public IP<br>
<br>
We are using NETKEY with PSK<br>
<br>
Here is my ipsec (With public IP's Removed):<br>
<small><small># /etc/ipsec.conf - Openswan IPsec configuration
file<br>
<br>
version 2.0 # conforms to second version of ipsec.conf
specification<br>
<br>
# basic configuration<br>
config setup<br>
nat_traversal=yes<br>
oe=off<br>
protostack=netkey<br>
plutostderrlog=/tmp/pluto.log<br>
<br>
conn Tunnel-to-Millers<br>
type = tunnel<br>
auth=esp<br>
authby=secret<br>
left=a.b.c.d (Server A's Public IP)<br>
leftsubnet=192.168.1.0/24 <br>
right=w.x.y.z (Server B's Pubic IP)<br>
rightsubnet=192.168.0.0/24<br>
esp=3des-md5<br>
rekey=yes<br>
keyingtries=3<br>
keyexchange=ike<br>
auto=start</small></small><br>
<br>
Im not sure if its routing or masquerading or what, when running
a traceroute to 192.168.0.6 from Server A, the requests go out
through Server A's public IP<br>
<small><small>root@Nelson:~# ping 192.168.0.6<br>
PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.<br>
^C<br>
--- 192.168.0.6 ping statistics ---<br>
6 packets transmitted, 0 received, 100% packet loss, time
5039ms<br>
</small></small><br>
If I ping forcing interface eth1 (Internal), they go through<small><small><br>
root@Nelson:~# ping -Ieth1 192.168.0.6<br>
PING 192.168.0.6 (192.168.0.6) from 192.168.1.1 eth1: 56(84)
bytes of data.<br>
64 bytes from 192.168.0.6: icmp_seq=1 ttl=63 time=34.2 ms<br>
64 bytes from 192.168.0.6: icmp_seq=2 ttl=63 time=18.7 ms<br>
64 bytes from 192.168.0.6: icmp_seq=3 ttl=63 time=16.7 ms<br>
64 bytes from 192.168.0.6: icmp_seq=4 ttl=63 time=20.0 ms<br>
^C<br>
--- 192.168.0.6 ping statistics ---<br>
4 packets transmitted, 4 received, 0% packet loss, time
3003ms<br>
rtt min/avg/max/mdev = 16.716/22.457/34.252/6.916 ms</small></small><br>
<br>
Server A runs a DNS server which needs to pass requests for one
of our domains to a DNS server on the 192.168.0.0 network.<br>
<br>
Any help would be appreciated<br>
<pre class="moz-signature" cols="72">--
Regards,
Ryan Davies</pre>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
</blockquote>
</body>
</html>