[Openswan Users] Test site-site tunnel in a limited environment
wang juntao
wjt.eric at gmail.com
Fri Jul 29 20:52:57 CEST 2005
Hi, everyone!
To set up a site-site IPsec tunnel, we need at least 4 computers (I
think). Unfortunately I have only three, so I have to set up a
tunnel like this:
clientA--------------gwA-----------------------gwB-------------------clientB
     192.168.1.*             211.211.211.*              192.168.2.*
All computers are connected with a switch; no router is involved. gwA is a
real computer running Openswan, and gwB is a VMware VM with two virtual
adapters. This VM is running on clientB, which is a real computer.
clientA is a real computer running WinXP. Do I make this stuff clear?
Client A uses IP 192.168.1.100; its default route is gwA: 192.168.1.1
Client B uses IP 192.168.2.100; its default route is gwB: 192.168.2.1
gwA uses IP 211.211.211.211 to contact gwB: 211.211.211.200. I use these
IPs to simulate a public network. gwA and gwB point their default routes
to each other. I think that will work.
I started with a manual key tunnel. The conn definition on gwA goes like this:
conn manual-test
    left=211.211.211.211
    leftsubnet=192.168.1.0\24
    leftnexthop=211.211.211.200
    right=211.211.211.200
    rightsubnet=192.168.2.0\24
    #
    auto=manual
    esp=3des-md5-96
    espauthkey=*******
    espenckey=*******
The conn definition on gwB is quite similar.
When I ping client B from client A, I can see ESP packets on gwB, but
they just get there and nothing happens.
I don't know if this is caused by a wrongly defined conn or by the
strange network structure. Do I have to get another computer, or is
there anything wrong in my conn definition?
Thanks in advance!