<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks, Paul, very much appreciated.<br>
<br>
The "left=192.." works with "left=%defaultroute" as well.<br>
<br>
However, I had to keep the "leftnexthop=150.101.215.42" as well ...
I can only <b>imagine</b> (I don't read much source code these
days) that because of the NAT in the modem<br>
<br>
236.X (internet interface) -- 192.168.1.2 (modem port interface) --
192.168.1.1 (ETHX of the ipsec gateway behind modem, DMZ'ed)<br>
<br>
IPsec had no idea how to route this, so specifying the next hop as
the interface of the target machine would have "bridged" the mess of
the modem ;-)<br>
<br>
But yes, it's working, thank you Paul.<br>
<br>
Jobst<br>
<br>
On 12/20/2010 03:24 PM, Paul Wouters wrote:
<blockquote
cite="mid:alpine.LFD.1.10.1012192323280.16721@newtla.xelerance.com"
type="cite">On Mon, 20 Dec 2010, Jobst Schmalenbach wrote:
<br>
<br>
  <blockquote type="cite">What I did NOT think of is that the OLD
    network sits on OPTUS where the ETHX card is the PUBLIC
    IP ADDRESS (Optus modems run in bridge mode) while the new
    network sits on a network behind an ADSL router that has a DMZ,
    so the ETHX card is 192.168.1.1 not 236.40.233.220 (my static IP
    address provided by the ISP).
<br>
</blockquote>
<br>
<blockquote type="cite">conn yorkstreet-2-barrett
<br>
left=236.40.233.220
<br>
</blockquote>
<br>
That should be left=192.168.1.1
<br>
<br>
<blockquote type="cite"> leftsourceip=236.40.233.220
<br>
leftnexthop=150.101.215.42
<br>
</blockquote>
<br>
leave these out.
<br>
<br>
Paul
<br>
</blockquote>
<br>
</body>
</html>