<html><head><base href="x-msg://619/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Jose, <div><br></div><div>I noticed your earlier mail shows your Ipsec.conf file does not have any private leftsubnet= or leftsource= directive, which I believe as Alonso implies you're missing,</div><div><br></div><div>IF you think simplistically, that the tunnel can be built from peer-peer using the two public IP's (which you have done so far)</div><div><br></div><div>then you need the private address range on each side to route between via the tunnel, which gives you your bi-directional traffic flow)</div><div><br></div><div>For example. You have the rightsubnet and right peer IP already in your linux-rv042 config, but nothing on the Left.</div><div><br></div><div><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; ">conn %default</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> authby=secret</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> type=tunnel</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> left=78.222.51.10</span></div><div><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> leftsubnet=192.168.51.10/32 ( because you said you want to route from this HOST to your cisco network right ?) <<< you must configure the ip alias on eth0:1 using this IP (or one that you want to choose)<br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; ">conn linux-rv042</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> auto=add</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> right=81.18.24.120</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> rightsubnet=192.168.1.101/32</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> authby=secret</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> ike=aes256-sha1;modp1536</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> esp=aes256-sha1;modp1536</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> pfs=yes</span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "><br></span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> aggrmode=no </span><span class="Apple-style-span" style="font-family: Calibri; font-size: 16px; "> </span></div><div><br></div><div>IF you config the alias interface on your ubuntu host with a private IP (It can be a /32 one ) and make sure you setup the same on the Cisco AND in your ipsec.conf, then restart, you should be good to go.</div><div><br></div><div><br></div><div>Dan.</div><div><br></div><div><div><div>On 8 Jun 2013, at 16:47, Jose M wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div class="hmmessage" style="font-size: 12pt; font-family: Calibri; "><div dir="ltr">Thanks Alonso!<br><br>Could you give me some hints how to create routes and iptables to get this working?<br><br><div><hr id="stopSpelling">From:<span class="Apple-converted-space"> </span><a href="mailto:alonso.manilla@gmail.com">alonso.manilla@gmail.com</a><br>Date: Fri, 7 Jun 2013 17:07:34 -0500<br>Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?<br>To:<span class="Apple-converted-space"> </span><a href="mailto:soloninguno@hotmail.com">soloninguno@hotmail.com</a><br>CC:<span class="Apple-converted-space"> </span><a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br><br><div dir="ltr">It's possible to create virtual nics.<div><br></div><div>Use #: </div><div>ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0</div><div><br></div><div>to make it permanent change the /etc/network/interfaces file.</div><div><br></div><div>then you need to create a route to send all packets from vpn to the new ip address, also need to check your iptables.</div><div><br></div><div>Good luck.</div><div><br></div><div class="ecxgmail_extra"><br clear="all"><div>--<div>Alonso Manilla</div></div><br><br><div class="ecxgmail_quote">2013/6/7 Jose M<span class="Apple-converted-space"> </span><span dir="ltr"><<a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a>></span><br><blockquote class="ecxgmail_quote" style="border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; "><div><div dir="ltr">I need to create an ipsec vpn between an internal network behind a cisco router and an ubuntu server in the outside that is directly connected to the web (no router here).<br><br>Right now I've test openswan to create a client to gateway vpn an works as expected. Unforunately with this configuration I don't have two way traffic, the client sees the internal network, but the network can't see the client.<br><br>My knowledge of networks isn't the best, so I need to ask, is it possible to create some kind of virtual nics in ubuntu client server to simulate a gateway and an internal network (with only one machine) in this endpoint, so the machines in the internal network can see this client?<br><br>Thanks in advance!<br><br><br></div></div><br>_______________________________________________<br><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>Micropayments:<span class="Apple-converted-space"> </span><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>Building and Integrating Virtual Private Networks with Openswan:<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br><br></blockquote></div><br></div></div></div></div>_______________________________________________<br><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a><br>Micropayments:<span class="Apple-converted-space"> </span><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>Building and Integrating Virtual Private Networks with Openswan:<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br></div></blockquote></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Regards</div><div><br></div><div>Dan.</div></div></span></span></span>
</div>
<br></div></body></html>