<HTML><BODY>Hi!<br>I tried it with rightsubnet set to 0.0.0.0/0.<br>If I set rightsubnet to 0.0.0.0/0 I can ping 1 site but can't ping 2 site .... my CheckPoint says: invalid id information<br><br>Tue, 10 Jun 2014 09:12:29 +0100 from Nick Howitt &lt;nick@howitts.co.uk&gt;:<br>
<blockquote style="border-left:1px solid #0857A6; margin:10px; padding:0 0 0 10px;">
<div id="">
<div class="js-helper js-readmsg-msg">
<div>
<div id="style_14023879580000000166_BODY">I believe you need to set rightsubnet to 0.0.0.0/0. Match it in your <br>
remote config. If it is important that the users can only access the <br>
internet via the VPN, you may also want to add a firewall rule blocking <br>
all traffic in the FORWARD chain (assuming iptables) in case the tunnel <br>
goes down.<br>
<br>
Nick<br>
<br>
On 2014-06-10 08:28, Aleksander Ol wrote:<br>
> config setup<br>
> interfaces="%defaultroute"<br>
> nat_traversal=yes<br>
> protostack=netkey<br>
> plutostderrlog=/var/log/pluto.log<br>
> plutodebug="all"<br>
> conn VPN<br>
> forceencaps=yes<br>
> dpddelay=30<br>
> dpdtimeout=120<br>
> dpdaction=restart<br>
> ike=aes-256-sha1;modp1024<br>
> ikelifetime=86400s<br>
> authby=secret<br>
> type=tunnel<br>
> salifetime=3600s<br>
> pfs=yes<br>
> phase2=esp<br>
> phase2alg=aes-128-sha1;modp1024<br>
> left=185.XXX.XXX<br>
> leftsubnet=10.XXX.XXX.XXX/24<br>
> leftnexthop=%defaultroute<br>
> right=91.YYY.YYY.YYY<br>
> rightsubnet=10.11.YYY.YY/24<br>
> rightnexthop=%defaultroute<br>
> auto=start<br>
> <br>
> Mon, 09 Jun 2014 09:37:59 +0100 from Dan Cave <<a href="/compose?To=dan.cave@me.com">dan.cave@me.com</a>>:<br>
> <br>
>> Please post your configuration<br>
>> <br>
>> :)<br>
>> <br>
>> On 8 Jun 2014 19:07, Aleksander Ol <<a href="/compose?To=aleksander_2005@mail.ru">aleksander_2005@mail.ru</a> [1]><br>
>> wrote:<br>
>>> <br>
>>> Good afternoon.<br>
>>> I cannot send traffic as IPSEC.<br>
>>> <br>
>>> Configured as follows:<br>
>>> 1) Eth0 ( Internal Network .... 192.168.0.0/24 )<br>
>>> 2) Eth1 ( Internet )<br>
>>> <br>
>>> I set up Openswan IPsec .... using netkey<br>
>>> Now all local traffic works fine ... but I need to route all traffic to the VPN .... Internet also.<br>
>>> I need users to go through a remote gateway with any established VPN connection.<br>
>>> If the VPN does not work, the Internet should not work either.<br>
>>> <br>
>>> The problem is that OpenSwan IPSEC does not create a separate interface<br>
>>> <br>
>>> If anyone knows how to configure this, please help.<br>
>>> <br>
>>> Sorry for my English<br>
>>> <br>
>>> <br>
>>> --<br>
>>> Aleksander Ol<br>
> <br>
> <br>
> <br>
> Links:<br>
> ------<br>
> [1] <br>
> <a href="http://howitts.poweredbyclear.com/compose?To=aleksander_2005@mail.ru" target="_blank">http://howitts.poweredbyclear.com/compose?To=aleksander_2005@mail.ru</a><br>
</div>
</div>
</div>
</div>
</blockquote>
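The FORWARD-chain block Nick suggests above, sketched as an added example (not code from any poster in this thread): with protostack=netkey there is no separate IPsec interface to match on, so the rules use the iptables policy match to accept only forwarded packets that an IPsec policy covers. The interface eth0 and subnet 192.168.0.0/24 come from the original post; the chain name VPN_ONLY and the function name killswitch_rules are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed forwarding for a netkey IPsec gateway.
# Defaults (eth0, 192.168.0.0/24) are the internal side from the original post.
# VPN_ONLY and killswitch_rules are hypothetical names chosen for this sketch.

# Print the iptables commands for review; nothing is applied by this function.
killswitch_rules() {
    lan_if=${1:-eth0}
    lan_net=${2:-192.168.0.0/24}

    # Refuse anything that is not a plain interface name / CIDR before it
    # ends up inside a command line.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case $lan_net in
        ''|*[!0-9./]*) echo "bad subnet: $lan_net" >&2; return 1 ;;
    esac

    cat <<EOF
iptables -N VPN_ONLY
iptables -A VPN_ONLY -i $lan_if -s $lan_net -m policy --dir out --pol ipsec -j ACCEPT
iptables -A VPN_ONLY -o $lan_if -d $lan_net -m policy --dir in --pol ipsec -j ACCEPT
iptables -A VPN_ONLY -j DROP
iptables -I FORWARD 1 -j VPN_ONLY
EOF
}

# Rule 2: LAN -> anywhere, accepted only if an outbound IPsec policy will
#         encrypt the packet (with rightsubnet=0.0.0.0/0 that is all traffic).
# Rule 3: replies to the LAN, accepted only if they arrived through IPsec.
# Rule 4: everything else is dropped, so when the tunnel and its policies
#         are gone, forwarded traffic stops instead of leaving in the clear.
#
# To apply as root after reviewing the output:
#   killswitch_rules eth0 192.168.0.0/24 | sh
```

Because VPN_ONLY is inserted at the top of FORWARD and ends in DROP, it also stops forwarding between any other local interfaces; narrow the final DROP if that traffic is needed.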
<br></BODY></HTML>