<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Thanks Alonso for your help!<br><br>I'm not a pro with network things, so it is not very clear to me what IPs I have to put in the ip route command you posted<br><br><span style="font-family:arial,sans-serif;font-size:13px;"> ip </span><span style="font-family:arial,sans-serif;font-size:13px;">route</span><span style="font-family:arial,sans-serif;font-size:13px;"> add </span><a href="http://128.9.0.0/16" target="_blank" style="font-family:arial,sans-serif;font-size:13px;">128.9.0.0/16</a><span style="font-family:arial,sans-serif;font-size:13px;"> via 128.100.100.1 dev eth0 proto static src </span><a href="http://172.22.11.10/32" target="_blank" style="font-family:arial,sans-serif;font-size:13px;">172.22.11.10/32</a><br><br>128.9.0.0/16 is the "remote network"?<br>128.100.100.1 is the local gateway?<br><span style="font-family:arial,sans-serif;font-size:13px;"></span><a href="http://172.22.11.10/32" target="_blank" style="font-family:arial,sans-serif;font-size:13px;">172.22.11.10/32</a> is the "local network"?<br><br><br>Just in case, here is the configuration I have after creating the virtual NIC with<br><br>sudo ifconfig eth0:1 192.168.51.10/32 netmask 255.255.255.0
<br><br><i><u>ipsec.conf</u></i><br><pre>conn %default
    authby=secret
    type=tunnel
    left=78.222.51.10
    leftsubnet=192.168.51.10/32

conn linux-rv042
    auto=add
    right=81.18.24.120
    rightsubnet=192.168.1.101/32
    authby=secret</pre>And here is the picture of my RV042 configuration with "gateway to gateway" mode<br>http://tinypic.com/view.php?pic=20aoqx1&s=5<br><br>By the way, why is it that if I configure "client to gateway" I can ping from the client to the VPN, but with "gateway to gateway" that doesn't work? Is it because now the client has two NICs and doesn't know where to go?<br><br>Kind regards<br><br><div><hr id="stopSpelling">From: alonso.manilla@gmail.com<br>Date: Mon, 10 Jun 2013 09:09:16 -0500<br>Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?<br>To: soloninguno@hotmail.com<br>CC: users@lists.openswan.org<br><br><div dir="ltr"><div>You're closer!</div><div><br></div><div>This may help you<br></div><div><br></div><div>I used this for the route:</div><div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px;"> ip </span><span style="font-family:arial,sans-serif;font-size:13px;">route</span><span style="font-family:arial,sans-serif;font-size:13px;"> add </span><a href="http://128.9.0.0/16" target="_blank" style="font-family:arial,sans-serif;font-size:13px;">128.9.0.0/16</a><span style="font-family:arial,sans-serif;font-size:13px;"> via 128.100.100.1 dev eth0 proto static src </span><a href="http://172.22.11.10/32" target="_blank" style="font-family:arial,sans-serif;font-size:13px;">172.22.11.10/32</a><br>
</div><div><br></div><div>This is my iptables-save result:</div><div><br></div><div><div>*nat</div><div>:PREROUTING ACCEPT [7890242:571675663]</div><div>:INPUT ACCEPT [7207255:467688388]</div><div>
:OUTPUT ACCEPT [1540066:101645951]</div><div>:POSTROUTING ACCEPT [1540060:101645591]</div><div>-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu</div><div>-A POSTROUTING -s <a href="http://200.96.218.135/32" target="_blank">200.96.218.135/32</a> -d <a href="http://172.22.11.10/32" target="_blank">172.22.11.10/32</a> -o eth0 -j MASQUERADE</div>
<div>-A POSTROUTING -s <a href="http://128.9.0.0/16" target="_blank">128.9.0.0/16</a> -d <a href="http://172.22.11.10/32" target="_blank">172.22.11.10/32</a> -o eth0 -j MASQUERADE</div><div><br></div><div>check this link:</div><div><br></div>
<div>I had a problem with packages, and this helped me solve it</div><div><br></div><div><a href="https://lists.openswan.org/pipermail/users/2013-May/022381.html" target="_blank">https://lists.openswan.org/pipermail/users/2013-May/022381.html</a><br>
</div><div><br></div><div>Regards!</div><div><br></div></div></div><div class="ecxgmail_extra"><br clear="all"><div>--<div>Alonso Manilla</div></div>
<br><br><div class="ecxgmail_quote">2013/6/8 Jose M <span dir="ltr"><<a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a>></span><br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr">Thanks Alonso!<br><br>Could you give me some hints how to create routes and iptables to get this working?<br><br><div><hr>From: <a href="mailto:alonso.manilla@gmail.com" target="_blank">alonso.manilla@gmail.com</a><br>
Date: Fri, 7 Jun 2013 17:07:34 -0500<div class="ecxim"><br>Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?<br></div>To: <a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a><br>
CC: <a href="mailto:users@lists.openswan.org" target="_blank">users@lists.openswan.org</a><div><div class="h5"><br><br><div dir="ltr">It's possible to create virtual nics.<div><br></div><div>Use #: </div><div>ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0</div>
<div><br></div><div>To make it permanent, change the /etc/network/interfaces file.</div>
<div><br></div><div>Then you need to create a route to send all packets from the VPN to the new IP address; you also need to check your iptables.</div><div><br></div><div>Good luck.</div><div><br></div>
<div><br clear="all"><div>--<div>Alonso Manilla</div></div>
<br><br><div>2013/6/7 Jose M <span dir="ltr"><<a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a>></span><br>
<blockquote style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr">I need to create an ipsec vpn between an internal network behind a cisco router and
an ubuntu server in the outside that is directly connected to the web (no
router here).<br><br>Right now I've tested openswan to create a client to gateway VPN and it works as expected. Unfortunately, with this configuration I don't have two-way traffic: the client sees the internal network, but the network can't see the client.<br>
<br>My knowledge of networks isn't the best, so I need to ask, is it possible to create some kind of virtual nics in ubuntu client server to simulate a gateway and an internal network (with only one machine) in this endpoint, so the machines in the internal network can see this client?<br>
<br>Thanks in advance!<br><br><br>                                            </div></div>
<br></blockquote></div><br></div></div></div></div></div>                                            </div></div>
</blockquote></div><br></div></div></div>
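<div>One way the fields of the ip route command quoted in this thread could line up with the ipsec.conf posted above, as an added example that is not part of any message in the thread. It assumes the destination prefix is the conn's rightsubnet and the src hint is the virtual address inside leftsubnet; the thread never gives the server's next hop, so GATEWAY_IP is a placeholder, and parse_conns and route_for are hypothetical helpers.</div>

```python
import ipaddress

# ipsec.conf values from the thread, indented the way Openswan expects.
IPSEC_CONF = """\
conn %default
    authby=secret
    type=tunnel
    left=78.222.51.10
    leftsubnet=192.168.51.10/32

conn linux-rv042
    auto=add
    right=81.18.24.120
    rightsubnet=192.168.1.101/32
    authby=secret
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} with %default merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            current = sections.setdefault(line.split(None, 1)[1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **params} for name, params in sections.items()}


def route_for(conn, gateway, dev, src):
    """Build the ip route command for one conn; src must lie in leftsubnet."""
    local = ipaddress.ip_network(conn["leftsubnet"], strict=False)
    remote = ipaddress.ip_network(conn["rightsubnet"], strict=False)
    source = ipaddress.ip_address(src)
    if source not in local:
        raise ValueError(f"{src} is outside leftsubnet {local}")
    if source in remote:
        raise ValueError(f"{src} is inside rightsubnet {remote}")
    return f"ip route add {remote} via {gateway} dev {dev} proto static src {source}"


if __name__ == "__main__":
    conn = parse_conns(IPSEC_CONF)["linux-rv042"]
    # GATEWAY_IP is a placeholder (assumption): the next hop is not in the thread.
    print(route_for(conn, "GATEWAY_IP", "eth0", "192.168.51.10"))
```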
                                           </div></body>
</html>