[Openswan Users] SuSE 9.2 tunneling 2 LANS

Tom Reijnders reijnders at tor.nl
Thu Mar 10 08:58:47 CET 2005


I solved my problems. I was strugling with the way ipsec is implemented in 
6.2 and how to get the firewall (SuSEfirewall2) to handle it properly.

In the end, it all boiled down that to firewall configuration problems.

 - On the linux gateway I added:
  leftsourceip= < LAN ip address>

(Or you hav to set up a second tunnel to allow traffic from the public IP 
address to the other LAN)
All this is necessary because of the way masquerading kicks in now.

In the firewall (SuSEfirewall2) I had to (besides allowing the normal isakmp, 
esp, ah settings) set the TRUST_IPSEC to int and ALLOW_CLASS_ROUTING to true.

This makes sure that ipsec traffic is treated as internal traffic, and the 
second setting allows routing between internal interfaces.

> L.S,
> I've got SuSE 9.2 and SuSE's OpenSwan on 2 linux machines. I have 
> setup a tunnel  between 2 LAN's using the linux boxes as gateways. I 
> can reach the LAN addresses of both gateways through the tunnel, but 
> I cannot get through from a PC on the 1 LAN to the other LAN
> Any suggestion is appreciated.
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

TOR Informatica 
reijnders at tor.nl

More information about the Users mailing list