[Openswan Users] linux 2.6 remote network routes ??

hferrendier at netinary.com hferrendier at netinary.com
Thu Aug 5 09:41:39 CEST 2004



In order to ping your subnetwork 212.219.10.128/25, you need to check that
an appropriate policy has been added to the policies in the kernel. Have a look
at:
setkey -DP (as far as your config is not symmetrical, check on both sides)

You should see a correct subnet / mask route there.

Take care that, in order for your configuration to work, you must ping from
195.248.116.90 only.

To be sure, use ping 212.219.10.xxx -I 195.248.116.

Did you get an ipsec barf result for debugging purposes?

regards

herve


-----Original Message-----
From: users-bounces at lists.openswan.org
[mailto:users-bounces at lists.openswan.org] On behalf of Colin Johnston
Sent: Thursday 5 August 2004 00:02
To: users at lists.openswan.org
Subject: [Openswan Users] linux 2.6 remote network routes ??
Importance: High

Dear all,
After some help on the irc channel I managed to get vpn client > gateway
remote lan ip working ok. However ...

client is mac osx vpn tracker.                      195.248.116.90
Server is linux 2.6        ipsec auto 2.2.0dr2      212.219.11.97

see below ipsec.conf on server
version 2.0
config setup
        interfaces="ipsec0=eth1"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug="control parsing"
include /etc/ipsec.d/examples/no_oe.conf
conn road 
        type=passthrough
        authby=secret
        pfs=no 
        left=195.248.116.90
        right=212.219.11.97
        rightsubnet=212.219.10.128/25
        rightnexthop=212.219.11.102
        auto=add

The problem is the following: once the VPN is live I can ping
212.219.10.135 (which is the remote WAN side of the VPN server) from
the 195.248.116.90 OS X client.
A static host route is automatically added on the gateway:
195.248.116.90  212.219.11.102  255.255.255.255 UGH       0 0          0 eth1

However, this (212.219.10.135) is the only host I can ping on the
212.219.10.128/25 LAN, and hence office machines cannot be contacted etc.

Any idea what is wrong ??


Thanks in advance

Colin Johnston
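
As an added example (not part of either message above), here is a small Python check for the step suggested in the reply: parse `setkey -DP` output and report which policy directions cover a given source and destination address. The sample dump is constructed and only approximates the output layout, which varies by ipsec-tools version; `parse_spd` and `covering` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample in the general shape of `setkey -DP` output (not taken
# from the poster's gateway); exact fields vary by ipsec-tools version.
SAMPLE_SPD = """\
195.248.116.90[any] 212.219.10.135[any] any
\tin ipsec
\tesp/tunnel/195.248.116.90-212.219.11.97/require
\tspid=8 seq=1 pid=4211
212.219.10.135[any] 195.248.116.90[any] any
\tout ipsec
\tesp/tunnel/212.219.11.97-195.248.116.90/require
\tspid=1 seq=0 pid=4211
"""

# Selector line: "<src>[port] <dst>[port] <proto>", starting in column 0.
SELECTOR = re.compile(r"^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]\s+\S+")
# Indented line that follows it and begins with the policy direction.
DIRECTION = re.compile(r"^\s+(in|out|fwd)\b")

def parse_spd(text):
    """Return a list of (src_net, dst_net, direction) from an SPD dump."""
    policies, pending = [], None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            # A bare host address is treated as a /32 network.
            pending = tuple(ipaddress.ip_network(a, strict=False) for a in m.groups())
            continue
        d = DIRECTION.match(line)
        if d and pending:
            policies.append((*pending, d.group(1)))
            pending = None
    return policies

def covering(policies, src, dst):
    """Directions of policies whose selectors contain both src and dst."""
    s, t = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return sorted(d for sn, dn, d in policies if s in sn and t in dn)

if __name__ == "__main__":
    spd = parse_spd(SAMPLE_SPD)
    for dst in ("212.219.10.135", "212.219.10.200"):
        print(dst, covering(spd, "195.248.116.90", dst) or "no matching policy")
```

With a host-only selector like the one in this sample, the second address reports no matching policy; a selector of `212.219.10.128/25` would match it.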
