<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>Hey guys,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">I'm new to OpenSwan and trying to put together the following setup. If I SSH into ServerA and type ping www.google.se, I want all my traffic to go /through/ the IPsec tunnel to ServerB and out to the Internet. In other words, I want my traffic from ServerA to appear to come from ServerB.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">I'm
running into a problem though. As soon as I add rightsubnet=0.0.0.0/0 to the ServerA.conf, I lose SSH connectivity from HOME to ServerA. I need another set of eyes. Is there anything wrong with my configuration? Can anyone make a suggestion on how to route all outgoing Internet-bound traffic from ServerA through ServerB via IPsec, while still maintaining SSH connectivity to ServerA from HOME? Any assistance is much appreciated! :)</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">HOME --- (SSH) ---> ServerA --- (IPSEC) ---> ServerB ---> Internet</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman',
'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">HOME External: 9.9.9.9</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">ServerA Internal: 192.168.1.10</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">ServerA External: 1.1.1.1</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color:
transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">ServerB Internal: 192.168.2.10</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">ServerB External: 2.2.2.2</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">-----ServerA.conf------</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">conn
ipsec</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>auto=start</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>type=tunnel</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>left=192.168.1.10</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">
        </span>leftid=1.1.1.1</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>leftsubnet=192.168.1.10/32</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>leftrsasigkey=00000key1...</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>right=2.2.2.2</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color:
transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightsubnet=0.0.0.0/0</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightnexthop=192.168.2.10</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightrsasigkey=00000key2...</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>ike=aes256-sha1;modp2048</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman',
'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>phase2=esp</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>phase2alg=aes256-sha1;modp2048</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>pfs=yes</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent;
font-style: normal; ">conn netkey-passthrough</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>auto=route</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>left=192.168.1.10</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>leftid=1.1.1.1</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span"
style="white-space:pre">        </span>leftsubnet=192.168.1.10/32</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>right=9.9.9.9</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightsubnet=9.9.9.9/32</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>authby=never</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span
class="Apple-tab-span" style="white-space:pre">        </span>type=passthrough</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">-----ServerB.conf------</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">conn ipsec</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span
class="Apple-tab-span" style="white-space:pre">        </span>auto=start</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>type=tunnel</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>left=1.1.1.1</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>leftsubnet=192.168.1.10/32</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal;
"><span class="Apple-tab-span" style="white-space:pre">        </span>leftrsasigkey=00000key1...</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightid=2.2.2.2</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightsubnet=0.0.0.0/0</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><span class="Apple-tab-span" style="white-space:pre">        </span>rightrsasigkey=00000key2...</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color:
transparent; font-style: normal; "><div style="background-color: transparent; "><span class="Apple-tab-span" style="white-space: pre; ">        </span>ike=aes256-sha1;modp2048</div><div style="background-color: transparent; "><span class="Apple-tab-span" style="white-space: pre; ">        </span>phase2=esp</div><div style="background-color: transparent; "><span class="Apple-tab-span" style="white-space: pre; ">        </span>phase2alg=aes256-sha1;modp2048</div><div style="background-color: transparent; "><span class="Apple-tab-span" style="white-space: pre; ">        </span>pfs=yes</div></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px;
font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">Tkx,</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; background-color: transparent; font-style: normal; ">Vikki</div></div></body></html>