[Openswan Users] dhcp over ipsec

John A. Sullivan III john.sullivan at nexusmgmt.com
Tue May 18 11:31:32 CEST 2004


On Tue, 2004-05-18 at 06:17, Radu Brumariu wrote:
> >>cannot respond to IPsec SA request because no connection is known for
> >>0.0.0.0/0===131.123.35.3[C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer
> >>Science, CN=ipsec.cs.kent.edu,
> >>E=radu at cs.kent.edu]:17/0...131.123.33.179[C=US, ST=Ohio, L=Kent, O=KSU,
> >>OU=Computer Science, CN=radu at cs.kent.edu,
> >>E=radu at cs.kent.edu]:17/0===131.123.35.159/32
> >>    
> >>
> >[JAS- I'm a little confused by the addresses but then again, I've not
> >spent much time with *swan log entries and may just be misreading it. 
> >So your dhcp'd workstation is at 131.123.33.179 and is talking to a VPN
> >gateway with a termination point address of 131.123.35.3 and you are
> >assigning DHCP addresses out of the network which includes the
> >termination point of the gateway (131.123.35.0/24)?]
> >  
> >
> >
> 
> 
> I know it sounds confusing, and perhaps this is what I am doing wrong,
> but here is what I want to try:
> 
> ( RW w/ routable IP - e.g. 131.123.35.179 ... ) --------------- (VPN GW - 131.123.35.3 ) ---------- (DHCP srv giving 131.123.35.155-159 -
>                                                                      |                               for this test at least )
>                                                                      |
> ( RW w/ non-routable IP - 192.168.1.100 ) --- (cable modem ) ------  |   <--- ( not tested yet )
> 
> 
> 
> There may be something really easy that I am doing wrong, but please advise.
<snip>
Now I really am confused :-)
So you are having the DHCP server assign addresses that are on the same
network as the originating address and you are trying to establish a
tunnel through a routing gateway but to communicate on the same subnet?

If so, that sounds like trouble from a fundamental routing perspective.

Where does the 192.168.1.100 fit into the picture?
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com


