<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thanks for your response Bob, my responses are between yours.<br><br><div>> From: bob@computerisms.ca<br>> To: users@lists.openswan.org<br>> Date: Fri, 7 Jun 2013 15:21:17 -0700<br>> Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?<br>> <br>> <br>> > I need to create an ipsec vpn between an internal network behind a<br>> > cisco router and an ubuntu server on the outside that is directly<br>> > connected to the web (no router here).<br>> > <br>> > Right now I've tested openswan to create a client to gateway vpn and<br>> > it works as expected. Unfortunately with this configuration I don't have<br>> > two way traffic, the client sees the internal network, but the network<br>> > can't see the client.<br>> <br>> As I understand the situation the ubuntu server is the client and it<br>> needs split tunnelling (can access web and vpn at the same time). Also as I<br>> understand, you have the tunnel up and working because traffic is<br>> flowing, just not in both directions. And the cisco router is acting as<br>> your vpn server.<br>> <br><br>That's right, it's only flowing from client to vpn server, not the other way round.<br><br>> > My knowledge of networks isn't the best, so I need to ask, is it<br>> > possible to create some kind of virtual nics in the ubuntu client server<br>> > to simulate a gateway and an internal network (with only one machine)<br>> > in this endpoint, so the machines in the internal network can see this<br>> > client?<br>> <br>> I am sure you can, but I fail to see why it would help. If you have<br>> traffic flowing from client to net, then most likely traffic is not<br>> flowing in the opposite direction because of a firewall or routing rule<br>> somewhere. For example, if the tunnel's IP on the client is in the same<br>> subnet as the LAN you are connecting to, your cisco router won't have a<br>> route leaving the network because it already has a route to that<br>> network. 
Conversely, iptables on the client may be configured to not<br>> allow any packets from a foreign LAN.<br>> <br>> This is of course a generalization that in my experience is not always<br>> true and may not apply to cisco routers, but almost always when traffic<br>> works in one direction and not the other, the problem is firewall rules<br>> or routing tables. A tcpdump or equivalent on the internal and external<br>> interfaces of the router should show you if this is true in your case or<br>> not... <br>> <br><br>Right now I think the traffic doesn't flow from the vpn server to the client simply because I configured a "client to gateway" on the cisco router (I sent my configuration yesterday, I don't know if the message arrived on the user list). And I configured a "client to gateway" and not a "gateway to gateway" because I don't have a real network on the client side. <br>That's why I ask if I can simulate a network with virtual nics on the client, to "cheat" the cisco router into connecting to the client as if it were a gateway too, and make the traffic flow in both directions. But maybe I'm asking silly things, I don't know.<br><br>Thanks in advance!<br></div></div></body>
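Bob's two hypotheses for one-way traffic (a routing decision on the router, or an iptables rule on the client) can be checked against a small model before touching a real box. The block below is an added example for this thread, not code from either poster or from Openswan; the interface names, addresses, routes and firewall rules in it are constructed samples, and it assumes a policy-based IPsec setup where the router routes a packet first and only traffic leaving the outside interface is matched against the IPsec selectors.

```python
import ipaddress

# Added example (not from the thread). A tiny model of the two things Bob
# suggests checking when tunnel traffic flows in one direction only:
#  1. the router's routing decision for the reply packet, and
#  2. the client's iptables INPUT chain.
# All addresses, interface names and rules below are constructed samples.

LAN_IF = "LAN"  # hypothetical inside interface of the router
WAN_IF = "WAN"  # hypothetical outside interface where the IPsec policy is applied


def longest_prefix_match(routes, dst):
    """routes: list of (prefix, out_iface). Return out_iface for dst; longest prefix wins."""
    dst = ipaddress.ip_address(dst)
    best_net, best_if = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, iface
    return best_if


def reply_to_client(lan_prefix, client_tunnel_ip):
    """Where does a reply from the LAN toward the VPN client's tunnel IP end up?

    Policy-based IPsec (assumption): the packet is routed first, and only
    traffic that leaves via WAN_IF is compared with the IPsec selectors
    (LAN subnet <-> client_tunnel_ip/32).
    """
    routes = [(lan_prefix, LAN_IF), ("0.0.0.0/0", WAN_IF)]  # connected route + default route
    out_if = longest_prefix_match(routes, client_tunnel_ip)
    if out_if == LAN_IF:
        # The connected route wins: the router looks for the client on the LAN,
        # finds nobody there, and the IPsec policy on WAN_IF never sees the packet.
        return "routed to LAN interface, never encrypted"
    return "routed via WAN, encrypted into tunnel"


def iptables_input_verdict(rules, src_ip, policy="DROP"):
    """rules: ordered list of (source_prefix, target); first match wins, else the chain policy."""
    src = ipaddress.ip_address(src_ip)
    for prefix, target in rules:
        if src in ipaddress.ip_network(prefix):
            return target
    return policy


if __name__ == "__main__":
    # Tunnel IP overlapping the remote LAN: the reply never reaches the tunnel.
    print(reply_to_client("192.168.1.0/24", "192.168.1.200"))
    # Tunnel IP outside the remote LAN: the reply is routed out and encrypted.
    print(reply_to_client("192.168.1.0/24", "10.99.0.2"))
    # Client INPUT chain with and without an ACCEPT for the remote LAN.
    print(iptables_input_verdict([("192.168.1.0/24", "ACCEPT")], "192.168.1.10"))
    print(iptables_input_verdict([], "192.168.1.10"))
```

The routing half shows why a client tunnel address taken from the remote LAN's own subnet is a trap: the router's connected route is more specific than the default, so the packet is handed to the inside interface instead of the outside interface where the crypto policy lives. The firewall half shows the other failure Bob names: with a DROP policy and no ACCEPT for the remote LAN prefix, the decrypted reply is discarded on the client even though the tunnel itself is fine. On a real system, `tcpdump` on each interface, as Bob suggests, tells you which of the two models applies.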
</html>