<div dir="ltr"><div style>You're closer!</div><div><br></div><div>This may help you<br></div><div><br></div><div style>I used this for the route:</div><div style><br></div><div style><span style="font-family:arial,sans-serif;font-size:13px"> ip </span><span class="" style="font-family:arial,sans-serif;font-size:13px">route</span><span style="font-family:arial,sans-serif;font-size:13px"> add </span><a href="http://128.9.0.0/16" target="_blank" style="font-family:arial,sans-serif;font-size:13px">128.9.0.0/16</a><span style="font-family:arial,sans-serif;font-size:13px"> via 128.100.100.1 dev eth0 proto static src </span><a href="http://172.22.11.10/32" target="_blank" style="font-family:arial,sans-serif;font-size:13px">172.22.11.10/32</a><br>
</div><div style><br></div><div style>This is my iptables-save result:</div><div style><br></div><div style><div>*nat</div><div>:PREROUTING ACCEPT [7890242:571675663]</div><div>:INPUT ACCEPT [7207255:467688388]</div><div>
:OUTPUT ACCEPT [1540066:101645951]</div><div>:POSTROUTING ACCEPT [1540060:101645591]</div><div>-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu</div><div>-A POSTROUTING -s <a href="http://200.96.218.135/32">200.96.218.135/32</a> -d <a href="http://172.22.11.10/32">172.22.11.10/32</a> -o eth0 -j MASQUERADE</div>
<div>-A POSTROUTING -s <a href="http://128.9.0.0/16">128.9.0.0/16</a> -d <a href="http://172.22.11.10/32">172.22.11.10/32</a> -o eth0 -j MASQUERADE</div><div><br></div><div style>Check this link:</div><div style><br></div>
<div style>I had a problem with packages and this helped me to solve it</div><div style><br></div><div style><a href="https://lists.openswan.org/pipermail/users/2013-May/022381.html">https://lists.openswan.org/pipermail/users/2013-May/022381.html</a><br>
</div><div style><br></div><div style>Regards!</div><div style><br></div></div></div><div class="gmail_extra"><br clear="all"><div>--<div>Alonso Manilla</div></div>
<br><br><div class="gmail_quote">2013/6/8 Jose M <span dir="ltr"><<a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">Thanks Alonso!<br><br>Could you give me some hints how to create routes and iptables to get this working?<br><br><div><hr>From: <a href="mailto:alonso.manilla@gmail.com" target="_blank">alonso.manilla@gmail.com</a><br>
Date: Fri, 7 Jun 2013 17:07:34 -0500<div class="im"><br>Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?<br></div>To: <a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a><br>
CC: <a href="mailto:users@lists.openswan.org" target="_blank">users@lists.openswan.org</a><div><div class="h5"><br><br><div dir="ltr">It's possible to create virtual nics.<div><br></div><div>Use #: </div><div>ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0</div>
<div><br></div><div>To make it permanent, change the /etc/network/interfaces file.</div>
<div><br></div><div>Then you need to create a route to send all packets from the vpn to the new ip address; you also need to check your iptables.</div><div><br></div><div>Good luck.</div><div><br></div>
<div><br clear="all"><div>--<div>Alonso Manilla</div></div>
<br><br><div>2013/6/7 Jose M <span dir="ltr"><<a href="mailto:soloninguno@hotmail.com" target="_blank">soloninguno@hotmail.com</a>></span><br>
<blockquote style="border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">I need to create an ipsec vpn between an internal network behind a cisco router and
an ubuntu server on the outside that is directly connected to the web (no
router here).<br><br>Right now I've tested openswan to create a client-to-gateway vpn and it works as expected. Unfortunately, with this configuration I don't have two-way traffic: the client sees the internal network, but the network can't see the client.<br>
<br>My knowledge of networks isn't the best, so I need to ask, is it possible to create some kind of virtual nics in ubuntu client server to simulate a gateway and an internal network (with only one machine) in this endpoint, so the machines in the internal network can see this client?<br>
<br>Thanks in advance!<br><br><br>                                            </div></div>
<br></blockquote></div><br></div></div></div></div></div>                                            </div></div>
</blockquote></div><br></div>
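<div>A way to audit the nat POSTROUTING rules quoted in the first message, as an added example that is not part of the original thread: it lists each MASQUERADE rule from <code>iptables-save</code> output and marks any rule without both <code>-s</code> and <code>-d</code>. The function names, the zeroed counters and the appended COMMIT line in the sample are assumptions made for this example.</div>

```shell
#!/bin/sh
# Added example: audit MASQUERADE rules in `iptables-save` output.

# Constructed sample: the nat rules quoted in the message, with zeroed
# counters and the COMMIT line that closes a table in iptables-save output.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -s 200.96.218.135/32 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 128.9.0.0/16 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save text on stdin and print one line per nat POSTROUTING
# MASQUERADE rule: "<source> <destination> <out-interface> <verdict>".
# A rule missing -s or -d matches more traffic than the two rules in the
# message, so it is reported as UNSCOPED for review.
audit_masquerade() {
  awk '
    /^\*/ { table = substr($0, 2) }          # "*nat" starts the nat table
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      src = "any"; dst = "any"; oif = "any"; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        else if ($i == "-d") dst = $(i + 1)
        else if ($i == "-o") oif = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target == "MASQUERADE") {
        verdict = "scoped"
        if (src == "any" || dst == "any") verdict = "UNSCOPED"
        print src, dst, oif, verdict
      }
    }'
}

# Number of MASQUERADE rules on stdin that lack a source or destination match.
count_unscoped() { audit_masquerade | grep -c 'UNSCOPED$' || true; }

# Stand-alone run over the constructed sample.
sample_rules | audit_masquerade
```

<div>On a live host the same functions can read the running rule set with <code>iptables-save | audit_masquerade</code>, run as root.</div>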