[Openswan Users] routing between tunnels
Joost Kraaijeveld
J.Kraaijeveld at Askesis.nl
Thu Nov 18 17:38:16 CET 2004
Hi Paul,
Paul Wouters schreef:
> These seen locally connected, so this experiment might not be
> representative for what you are trying to do. Perhaps you need to
> test using another box:
Ah, I was not clear enough: there is a whole internet between the vigors and the VPN server. Both the vigors and the VPN server are directly connected to the internet with a public IP address
>> What should be the route I have to add to the Vigor routers / VPN
>> server to make it work?
>
> With ipsec, you never 'add routes' manually. It conflicts
> with IPsec policies. VPN tunnels
> are not virtual ethernet cards.
OK. But how do I convince the Vigor routers to send all traffic for the 172.31 and 172.28/29 throught the tunnel? Mmmm. Maybe I should create two tunnels to the VPN server, 1 for each network. Will the OpenSwan VPN server do the appropriate routing (so that I get a star topology and not a mesh topology)?
Additional question: can I somehow see all incomming and outgoing IPSEC traffic on a Linux 2.6 kernel (something like "tcpdump -i eth2 | grep pattern")?
Groeten,
Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld at Askesis.nl
web: www.askesis.nl
More information about the Users
mailing list