[Openswan Users] RV: Problem to connect 2 connections one for
internet and another for VPN
Ted Kaczmarek
tedkaz at optonline.net
Mon Jan 3 21:43:10 CET 2005
On Mon, 2005-01-03 at 13:32 -0300, Pedro Diaz wrote:
>
> Good afternoon: I need if they can help me
>
> I have 2 Servants with Fedora Core 1 Kernel-2.4.22-1.2197.ntpl, with the
> following packages Openswan:
> Kernel-modulate-openswan-2.4.22-1.2197.ntpl-2.1.4-fc1.dag.i686.rpm and the
> Openswan-utils-2.1.4-1.fc1.dag.i686.rpm.
>
> As Firewall I have the shorewall 2.1
>
> All this works well when having alone an In-date IP.
> When having 2 In-date IP, one to leave to Internet and the other one for the
> VPN, works in aleatory form.
>
> I have the following outline:
>
> Servant 1 :
> eth0 ------ 200.72.20.250 RED INTERNET
> 200.72.20.249 GW
>
> eth1 ----- 192.168.1.1 RED LOCAL
>
> eth2 ----- 200.72.247.68 RED VPN
> 200.72.247.66 GW
>
>
> Servant 2
>
> eth0 ------ 200.107.66.36 RED INTERNET
> 200.107.66.33 GW
>
> eth1 ----- 192.168.2.1 RED LOCAL
>
> eth2 ----- 200.107.66.38 RED VPN
> 200.107.66.33 GW
>
>
> I need to have the security if it works and it works well this configuration
> Forgive the translation.
>
> Greetings....
>
>
> Pedro Diaz Gallardo
> mail : pdiaz at sistemasavanzados.cl
>
>
Not sure what you mean by "IN-date".
Are you referring to the encapsulated traffic?
You need to match up the left on Servant 1 with the right on Servant 2,
and vice versa.
Only traffic that matches that policy is encapsulated and encrypted.
What happens to the other traffic that is not matched by that policy is
determined by your firewall rules, assuming you have a firewall.
Ted
More information about the Users
mailing list