[Openswan Users]

John A. Sullivan III john.sullivan at nexusmgmt.com
Mon Oct 11 13:17:22 CEST 2004

On Mon, 2004-10-11 at 11:55, tomk at runbox.com wrote:
> For anyone in a rush, here's the question: If I set up a host-to-net
> VPN between Host A on Network A and all machines on Network B, does it
> only carry traffic with those particular source and destination
> parameters? Or can it also carry traffic originating from Host A and
> going to destinations beyond Network B?
>
> If you have a bit more time, here's the background: I'm using Openswan
> to secure my wireless network, so I have my AP + Debian laptop on
> network, and my main network on In the
> middle of those, I have IPCop 1.4.0, which includes Openswan, and I
> have also installed and configured Openswan on the laptop. IPCop is
> also connected to the internet, and internet access is functioning on
> both and Without the IPSec tunnel, the
> wireless network cannot access the main network - this is as intended.
> When I bring the tunnel up, the laptop CAN access the main network,
> but it CANNOT access the internet. So it seems that the tunnel will
> only carry traffic between the specified source and destination,
> whereas I expected (wrongly?) that it would also carry traffic
> originating from the laptop, passing through IPCop, and heading out to
> the internet.
>
> Was my original expectation incorrect? If so, is there something I can
> do to enable all traffic from the laptop to use the tunnel?

Yes, the tunnel will only carry what you tell it to carry.  If you've
only told it to carry traffic for, that's all it will
do.  If you want all traffic to flow through the tunnel, you could make
the target subnet rather than  I
believe that's how we did our GNOC setup as described in the training
slides on http://iscs.sourceforge.net).  Hope this helps - John
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
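
The selector behaviour described in the reply above, as an added example that is not part of the original message and is not Openswan code: a small Python model of how a tunnel's source and destination selectors decide which packets it carries. All addresses and names, and the use of 0.0.0.0/0 as the wide target subnet, are assumptions constructed for illustration, since the thread's own addresses are not shown.

```python
import ipaddress
from typing import NamedTuple, Optional


class Selector(NamedTuple):
    """One tunnel policy: traffic from `local` to `remote` goes into the tunnel."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def selector(name: str, local: str, remote: str) -> Selector:
    return Selector(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def route(selectors, src: str, dst: str) -> Optional[str]:
    """Return the name of the tunnel that carries src -> dst, or None when no
    selector matches and the packet stays outside every tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [t for t in selectors if s in t.local and d in t.remote]
    if not hits:
        return None
    # When several policies match, the most specific one wins.
    return max(hits, key=lambda t: (t.remote.prefixlen, t.local.prefixlen)).name


# Constructed sample addresses (not taken from the thread).
LAPTOP = "10.0.1.10"          # Host A on the wireless network
OTHER_WIFI = "10.0.1.11"      # another wireless client with no tunnel
MAIN_HOST = "10.0.2.20"       # a machine on the main network (Network B)
INTERNET_HOST = "203.0.113.5"  # a destination beyond Network B

# Host-to-net: only laptop <-> main network is covered.
HOST_TO_NET = [selector("host-to-net", "10.0.1.10/32", "10.0.2.0/24")]
# Widened target subnet (assumed 0.0.0.0/0): everything from the laptop is covered.
HOST_TO_ANY = [selector("host-to-any", "10.0.1.10/32", "0.0.0.0/0")]


def report(selectors, src: str = LAPTOP) -> dict:
    """Map each sample destination to the tunnel that would carry it."""
    return {dst: route(selectors, src, dst) for dst in (MAIN_HOST, INTERNET_HOST)}


if __name__ == "__main__":
    print("host-to-net:", report(HOST_TO_NET))
    print("host-to-any:", report(HOST_TO_ANY))
    print("other client:", report(HOST_TO_ANY, OTHER_WIFI))
```

With the narrow selector, the internet-bound packet matches no tunnel policy, which is the symptom the question describes; the gateway's own forwarding and firewall rules still decide what happens to traffic after it leaves the tunnel.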
