[Openswan Users] help for site-to-site vpn
paul at xelerance.com
Tue Jun 7 03:34:14 CEST 2005
On Tue, 7 Jun 2005, Yang Xu wrote:
> I can get the host-host connection up with correct encryption. I use
> conn sitevpn
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> However, as soon as I uncomment the two lines for leftsubnet and
> rightsubnet and restart the ipsec service, it doesn't seem to work any more.
> I tested with the tcpdump and ping commands; the output is below
> [root at racoon ~]# tcpdump dst host 184.108.40.206
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 11:58:43.151349 IP 220.127.116.11 > 18.104.22.168: icmp 64: echo reply seq 0
That is not a ping from a host in 192.168.2.0/24 to a host in 192.168.0.0/24.
Either add two tunnels, one with and one without the subnet='s, or use
leftsourceip= and rightsourceip= with the internal IP of the gateway machines.
"I am not even supposed to be here today!" -- Clerics
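
The two options named in the reply above, sketched as an ipsec.conf fragment. This is an added example, not part of the original thread and not the poster's configuration. The public addresses (192.0.2.1, 198.51.100.1) and the gateways' internal addresses (192.168.2.1, 192.168.0.1) are constructed placeholders, and which gateway fronts which subnet is an assumption.

```conf
# Added illustration; every address below is a constructed placeholder.
# Assumption: left fronts 192.168.2.0/24, right fronts 192.168.0.0/24.
# Authentication settings (authby=, keys or secrets) are omitted; keep the
# ones that already work for the host-to-host connection.
# Use option 1 or option 2, not both.

# Option 1: two tunnels, one with and one without the subnets.
conn sitevpn-net
    # covers only packets from a LAN address to a LAN address
    left=192.0.2.1
    leftsubnet=192.168.2.0/24
    right=198.51.100.1
    rightsubnet=192.168.0.0/24
    auto=start

conn sitevpn-host
    # covers packets between the gateways' public addresses, which is
    # what a plain ping from one gateway to the other produces
    left=192.0.2.1
    right=198.51.100.1
    auto=start

# Option 2: one subnet tunnel; each gateway sources its own traffic to the
# remote subnet from its internal address, so it matches the subnet policy.
conn sitevpn
    left=192.0.2.1
    leftsubnet=192.168.2.0/24
    leftsourceip=192.168.2.1
    right=198.51.100.1
    rightsubnet=192.168.0.0/24
    rightsourceip=192.168.0.1
    auto=start
```

To check a subnet tunnel, ping from a host inside one LAN to a host inside the other, or from the gateway with a LAN source address (`ping -I 192.168.2.1 192.168.0.1` with the placeholder addresses above), and confirm with tcpdump on the external interface that ESP packets leave rather than cleartext ICMP.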