[Openswan dev] [PATCH] Updates to the ipsec.conf man page for
tis at foobar.fi
Fri Jun 11 00:27:11 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Nate Carlson wrote:
| I'm finally getting a chance to test this so I can document it, and am
| getting it to work. Here's my configuration right now; all IP's are
| actually public.
| Oxygen: Firewall for one of my public networks, running OS 2.1.2cvs
| Knight: My laptop, running same version of Openswan
| oxygen config:
| conn oxygen-test-net
| conn oxygen
| knight config:
| conn oxygen-net-test
| # Tried with and without this
| conn oxygen
That's really documented in README.AdvancedRouting which comes with
openswan-1 advanced routing patch.
| I do also have proxy arp enabled, and I am able to ping the .25 address
| from other hosts on the internal network. However, if I try to connect to
| the .25 address, the connections are handled locally by oxygen instead of
| being forwarded onto knight.
But of course. You have assigned that ip to Oxygen, not knight.
| When making a connection from Knight to
| another box behind Oxygen (on the 10.10.10.0/27 network), the connection
| is from Knight's real IP, not the virtual IP.
Yep. because you didn't activate sourceip on knight.
| Any ideas, or should I just keep playing with it?
Fix config and try again :-)
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Dev