[Openswan Users] Hub and Spoke
Trevor Benson
tbenson at a-1networks.com
Sun Jun 6 03:49:58 CEST 2004
> -----Original Message-----
> From: Herbert Xu [mailto:herbert at gondor.apana.org.au]
> Sent: Sunday, June 06, 2004 1:26 AM
> To: Herbert Xu
> Cc: Trevor Benson; paul at xelerance.com; users at lists.openswan.org
> Subject: Re: [Openswan Users] Hub and Spoke
>
> Herbert Xu <herbert at gondor.apana.org.au> wrote:
> >
> > Right. What you want then is
> >
> > leftsubnet=192.168.0.0/24
>
> Make that
>
> 192.168.0.0/16
Yeah only problem is I have tried this a few times. What I end up with
is 1 of 2 scenarios. I either cant talk from behind the spoke to the
hub at all, and none of the other spokes, or I can ping into the subnet
behind the hub, but every other spokes subnet give a Request timed out.
Should tcpdump use interface ipsec0 for listening when testing what the
problem is?
I ran into some documents for freeswan 1.x that said routing is screwy
and to customize iproute2 commands, still trying to see if this applies
to the subnet modification, but as it is, this doesn't give me much
better results either. I have also attempted to create a RoadWarrior
Internet Tunnel, with 0.0.0.0/0 set for the subnet so that the laptop
will request all internet traffic through the tunnel, that just caused
no return traffic from the subnet itself, and the internet as well.
Thanks,
Trevor
More information about the Users
mailing list