[Openswan Users] Advanced 2.6 Routing
Travis Groth
travis at netfoo.org
Wed Jun 30 14:05:22 CEST 2004
Hi guys,
I've got an interesting scenario, so far I haven't quite figured out why
I can't get it to fly. I'm using 2.6 native ipsec with openswan on
top. Network layout is:
192.168.0.0/24===192.168.0.1[eth0]|a.b.c.d[eth1]----internet----w.x.y.z[eth1]|192.168.1.1[eth0]===192.168.1.0/24.
Currently, I can get traffic between say... 192.168.0.104 and
192.168.1.101 without issue. Ping, ssh, etc all work fine. This is
with a standard config that looks like:
conn ridge-willi
    left=w.x.y.z
    leftnexthop=w.x.y.1
    leftsubnet=192.168.1.0/24
    right=a.b.c.d
    rightnexthop=a.b.c.1
    rightsubnet=192.168.0.0/24
    type=tunnel
    auto=start
    authby=secret
The problem is, I need
a) 192.168.1.101 to talk to 192.168.0.1
b) 192.168.0.104 to talk to 192.168.1.1
c) 192.168.0.1 to talk to 192.168.1.1
d) 192.168.1.1 to talk to 192.168.0.104
The closest I can get now is that I can ping the private address of the
gateway opposite from me if I'm on a client machine. This does not work
in the opposite direction.
From the freeswan docs I found something that said I should generate
additional config sections that look like this:
conn ridge-willi-gate
    left=w.x.y.z
    leftnexthop=w.x.y.1
    leftsubnet=192.168.1.0/24
    right=a.b.c.d
    rightnexthop=a.b.c.1
    type=tunnel
    auto=start
    authby=secret

conn gate-ridge-willi
    left=w.x.y.z
    leftnexthop=w.x.y.1
    right=a.b.c.d
    rightnexthop=a.b.c.1
    rightsubnet=192.168.0.0/24
    type=tunnel
    auto=start
    authby=secret
Now I know this is from freeswan, and not openswan, but given the code
relationship, I figured it was worth a shot. It turns out that with all
three of these tunnels enabled, only the two gateways can put traffic
across the tunnel(s). Does anyone have any idea how (if at all) this
can be accomplished?
Thanks
--Travis
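The FreeS/WAN approach the post refers to is one conn section per pair of traffic selectors, where each side of the tunnel is either the gateway's private subnet or the gateway host itself. Enumerating every such pair for the two sites in the post gives four sections; the post's config shows three of them (subnet-subnet, subnet-host, host-subnet). The script below is an added example, not code from the post or from Openswan: it generates all four sections from the post's placeholder addresses (w.x.y.z, a.b.c.d and their nexthops are not real) and, given a copy of the three conns as posted (constructed inline), reports which selector pair is not covered. The conn names `gate-ridge-willi-gate` and the naming scheme are my own convention extending the post's names; whether the uncovered host-host pair explains the poster's symptom is an assumption, not something the page states.

```python
"""Enumerate and check ipsec.conf conn sections for every
(subnet | gateway host) x (subnet | gateway host) selector pair.
Added example; not from the post or from Openswan/FreeS/WAN."""
from itertools import product

# Placeholder addresses copied from the post (w.x.y.z / a.b.c.d are not real).
LEFT = {"gw": "w.x.y.z", "nexthop": "w.x.y.1", "subnet": "192.168.1.0/24"}
RIGHT = {"gw": "a.b.c.d", "nexthop": "a.b.c.1", "subnet": "192.168.0.0/24"}
COMMON = ("type=tunnel", "auto=start", "authby=secret")


def conn_name(base, left_is_subnet, right_is_subnet):
    """Naming convention (assumption): 'gate-' prefix when the left side is the
    gateway host, '-gate' suffix when the right side is. This reproduces the
    three names used in the post and adds 'gate-<base>-gate' for host-host."""
    name = base
    if not left_is_subnet:
        name = "gate-" + name
    if not right_is_subnet:
        name = name + "-gate"
    return name


def endpoint_conns(base, left, right):
    """Return {conn_name: [parameter lines]} for all four selector pairs."""
    conns = {}
    for lsub, rsub in product((True, False), repeat=2):
        params = ["left=" + left["gw"], "leftnexthop=" + left["nexthop"]]
        if lsub:
            params.append("leftsubnet=" + left["subnet"])
        params += ["right=" + right["gw"], "rightnexthop=" + right["nexthop"]]
        if rsub:
            params.append("rightsubnet=" + right["subnet"])
        params += list(COMMON)
        conns[conn_name(base, lsub, rsub)] = params
    return conns


def render(conns):
    """Serialise the conns as ipsec.conf text (parameters must be indented)."""
    out = []
    for name, params in conns.items():
        out.append("conn " + name)
        out.extend("    " + p for p in params)
        out.append("")
    return "\n".join(out)


def parse_conns(text):
    """Minimal parser: 'conn NAME' headers followed by key=value lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns


def endpoint_pair(params):
    """Classify a conn by which selector each side uses: subnet or the host itself."""
    return ("subnet" if "leftsubnet" in params else "host",
            "subnet" if "rightsubnet" in params else "host")


def missing_pairs(text):
    """Selector pairs that no conn in the given ipsec.conf text covers."""
    covered = {endpoint_pair(p) for p in parse_conns(text).values()}
    return set(product(("subnet", "host"), repeat=2)) - covered


# Constructed copy of the three conn sections shown in the post.
POSTED = """
conn ridge-willi
    left=w.x.y.z
    leftnexthop=w.x.y.1
    leftsubnet=192.168.1.0/24
    right=a.b.c.d
    rightnexthop=a.b.c.1
    rightsubnet=192.168.0.0/24
    type=tunnel
    auto=start
    authby=secret

conn ridge-willi-gate
    left=w.x.y.z
    leftnexthop=w.x.y.1
    leftsubnet=192.168.1.0/24
    right=a.b.c.d
    rightnexthop=a.b.c.1
    type=tunnel
    auto=start
    authby=secret

conn gate-ridge-willi
    left=w.x.y.z
    leftnexthop=w.x.y.1
    right=a.b.c.d
    rightnexthop=a.b.c.1
    rightsubnet=192.168.0.0/24
    type=tunnel
    auto=start
    authby=secret
"""

if __name__ == "__main__":
    print("Selector pairs not covered by the posted config:", missing_pairs(POSTED))
    print(render(endpoint_conns("ridge-willi", LEFT, RIGHT)))
```

Running it lists the host-host pair as the one the posted config does not cover and prints all four generated sections. The parser deliberately ignores everything but `conn` headers and `key=value` lines, so it can be pointed at a real ipsec.conf to audit which selector pairs a site has defined.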