[Openswan Users] dhcp over ipsec
John A. Sullivan III
john.sullivan at nexusmgmt.com
Tue May 18 11:31:32 CEST 2004
On Tue, 2004-05-18 at 06:17, Radu Brumariu wrote:
> >>cannot respond to IPsec SA request because no connection is known for
> >>0.0.0.0/0===131.123.35.3[C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer
> >>Science, CN=ipsec.cs.kent.edu,
> >>E=radu at cs.kent.edu]:17/0...131.123.33.179[C=US, ST=Ohio, L=Kent, O=KSU,
> >>OU=Computer Science, CN=radu at cs.kent.edu,
> >>E=radu at cs.kent.edu]:17/0===131.123.35.159/32
> >>
> >>
> >[JAS- I'm a little confused by the addresses but then again, I've not
> >spent much time with *swan log entries and may just be misreading it.
> >So your dhcp'd workstation is at 131.123.33.179 and is talking to a VPN
> >gateway with a termination point address of 131.123.35.3 and you are
> >assigning DHCP addresses out of the network which includes the
> >termination point of the gateway (131.123.35.0/24)?]
> >
> >
> >
>
>
> I know it sounds confusing and perhaps, this is what I am doing wrong ,
> but here is what I want to try :
>
> ( RW w/ routable IP - e.g. 131.123.35.179 ... ) --------------- (VPN GW
> - 131.123.35.3 ) ---------- (DHCP srv giving 131.123.35.155-159 -
>
> |
> for this test at least )
>
> |
> ( RW w/ non-routable IP - 192.168.1.100 ) --- (cable modem ) ------ |
> <--- ( not tested yet )
>
>
>
> There may be something really easy that I am doing wrong, but please advise.
<snip>
Now I really am confused :-)
So you are having the DHCP server assign addresses that are on the same
network as the originating address and you are trying to establish a
tunnel through a routing gateway but to communicate on the same subnet?
If so, that sounds like trouble from a fundamental routing perspective.
Where does the 192.168.1.100 fit into the picture?
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com
More information about the Users
mailing list