[Openswan Users] Linux-Linux IPsec Tunnel ends at the gateway: no ping over the gateway in the next subnet
Bram Bouwens
bbouwens at xs4all.nl
Tue Jul 5 21:52:26 CEST 2005
Foren wrote:
> Paul Wouters wrote:
>
>> On Tue, 5 Jul 2005, foren titze wrote:
>>
>>> Although I have made conn roadwarrior and roadwarrior-net, my ping from the
>>> roadwarrior to the subnet behind the vpn-gateway doesn't go through.
>>
>>
>>
>>> nat_traversal=yes
>>
>>
>>
>>> #virtual_private=%v4:10.0.0.0/24,%v4:192.168.121.0/24
>>
>>
>>
>> You must include virtual_private= for nat traversal. You must not include,
>> but exclude your leftsubnet= range.
>
> virtual_private must be 192.168.121.0/24 at the server and client, or?
>
>>
>>> conn tit-linux-net
>>> leftsubnet=192.168.121.0/24
>>> also=titze-linux
>>>
>>> conn tit-linux
>>> rightnexthop=192.168.121.1
>>
>>
>>
>> It seems both left and right are in the same 192.168.121.0/24 subnet?????
>
> No, only the Server has two Interfaces. One internal .121.0/24 and one
> external.
> The Client has only one interface with, here, an external IP. But when
> the Client is NATed, it has an internal IP.
>
This is not very logical. I think the 192.168.121.0/24 is the network
behind the vpn-gateway, which is then considered the `left' side.
Then virtual_private=%v4:10.0.0.0/24,......,%v4:!192.168.121.0/24
with emphasis on the !
Then the right side is the roadwarrior, and it can not have 192.168.121.1
as its next hop.
Bram
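
The rule stated in the replies above (set virtual_private when nat_traversal=yes, and exclude the leftsubnet= range with `!` rather than include it) can be checked mechanically. The following is an added example, not part of the original thread and not Openswan code; the function names `parse_virtual_private` and `lint` are hypothetical, the line parsing is a simplification of ipsec.conf syntax, and the sample configurations are constructed from the values quoted in the thread.

```python
import ipaddress
import re

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in filter(None, (p.strip() for p in value.split(","))):
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"bad virtual_private entry: {item!r}")
        bucket = excluded if net.startswith("!") else allowed
        bucket.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def lint(conf_text):
    """Return findings for the nat_traversal / virtual_private / leftsubnet rules."""
    settings, leftsubnets = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out option is not set
        m = re.match(r"(\w+)\s*=\s*(\S+)", line)
        if not m:
            continue
        key, val = m.groups()
        settings[key] = val
        if key == "leftsubnet":
            leftsubnets.append(ipaddress.ip_network(val))
    vp = settings.get("virtual_private")
    if vp is None:
        missing = settings.get("nat_traversal") == "yes"
        return ["nat_traversal=yes but virtual_private is not set"] if missing else []
    allowed, excluded = parse_virtual_private(vp)
    findings = []
    for net in leftsubnets:
        exc = [n for n in excluded if n.version == net.version]
        inc = [n for n in allowed if n.version == net.version]
        if any(net.subnet_of(n) for n in exc):
            continue  # covered by a "!" entry, as the replies ask
        state = "included" if any(net.overlaps(n) for n in inc) else "not excluded"
        findings.append(f"leftsubnet {net} is {state} in virtual_private")
    return findings

# Constructed samples built from the values quoted in the thread.
AS_POSTED = """nat_traversal=yes
#virtual_private=%v4:10.0.0.0/24,%v4:192.168.121.0/24
conn tit-linux-net
    leftsubnet=192.168.121.0/24
"""
UNCOMMENTED = AS_POSTED.replace("#virtual_private", "virtual_private")
EXCLUDED = UNCOMMENTED.replace("%v4:192.168.121", "%v4:!192.168.121")
```

`lint(AS_POSTED)` reports the missing virtual_private, `lint(UNCOMMENTED)` reports that the gateway's own subnet is included, and `lint(EXCLUDED)` returns no findings.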