[Openswan Users] SuSE 9.2 tunneling 2 LANS

Ludwig Nussel ludwig.nussel at suse.de
Thu Mar 10 10:30:32 CET 2005

Tom Reijnders wrote:
> I solved my problems. I was struggling with the way ipsec is implemented in 
> 6.2 and how to get the firewall (SuSEfirewall2) to handle it properly.
> In the end, it all boiled down to firewall configuration problems.
>  - On the linux gateway I added:
>   leftsourceip= < LAN ip address>
> (Or you have to set up a second tunnel to allow traffic from the public IP 
> address to the other LAN)
> All this is necessary because of the way masquerading kicks in now.
> In the firewall (SuSEfirewall2) I had to (besides allowing the normal isakmp, 
> esp, ah settings) set the TRUST_IPSEC to int and ALLOW_CLASS_ROUTING to true.

Keep in mind that ALLOW_CLASS_ROUTING affects all zones so if you
have e.g. two external zones you probably don't want to set that.

If your two networks are and something
like this might work as well:


(You still need to set FW_IPSEC_TRUST to something so that the ipsec
flag actually works as expected)


 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
