[Openswan Users] Tunnel / Routing Woes
John A. Sullivan III
jsullivan at opensourcedevel.com
Fri Nov 11 15:32:06 CET 2005
On Thu, 2005-11-10 at 13:09 -0600, Bryan McAninch wrote:
> Hi all,
>
> I have a firewall/endpoint with two net-to-net tunnels currently
> established. I would like the endpoint itself to also be able to talk to
> the remote networks, but I am unable to figure out how to do so. I have
> read some old FreeSWAN documentation on using the 'ip' utility to accomplish
> this, but it still seems a bit unclear.
>
> The existing tunnels are defined as such:
>
> conn netA-netB
> left=a.b.c.d
> leftsubnet=10.64.71.0/24
> right=e.f.g.h
> rightsubnet=10.64.0.0/19
> authby=secret
> auto=start
>
> conn netB-netA
> left=a.b.c.d
> leftsubnet=10.64.71.0/24
> right=e.f.g.h
> rightsubnet=172.30.0.0/16
> authby=secret
> auto=start
>
> I would like the endpoint, a.b.c.d, to be able to communicate with both
> the 10.64.0.0/19 and 172.30.0.0/16 subnets (for syslog, etc).
>
> [root at endpoint] ip route get 10.64.0.0/19
> 10.64.0.0 via a.b.c.d dev ipsec0 src a.b.c.d
> cache mtu 16260 advmss 16220
> [root at endpoint] ip route get 172.30.0.0/16
> 172.30.0.0 via a.b.c.d dev ipsec0 src a.b.c.d
> cache mtu 16260 advmss 16220
>
> Any pointers?
>
<snip>
Yes, I believe there is a complete explanation of how to do this in the
training section of the ISCS network security management web site
(http://iscs.sourceforge.net). The training slide shows are a little
dated but this information should still be entirely valid. Good luck -
John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
Financially sustainable open source development
http://www.opensourcedevel.com
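The `ip route get` output quoted in the question is the useful clue: the gateway's own packets pick `src a.b.c.d`, the outer address, which is not inside `leftsubnet=10.64.71.0/24`, so they never match either tunnel's selector even though the route points at ipsec0. The script below is an added illustration of that check, not code from the thread or from Openswan; it parses the two conns and the `ip route get` lines as posted, with 192.0.2.1 and 198.51.100.1 standing in for a.b.c.d and e.f.g.h, and reports for each tunnel whether the selected source address falls inside leftsubnet. The `suggested_source()` helper only shows the shape of a fix (give the gateway's own traffic a source address inside leftsubnet, for example via Openswan's `leftsourceip=` option or the FreeSWAN-era `ip route ... src` trick the question mentions); which address the gateway actually owns on its inside interface is an assumption the script cannot make for you.

```python
"""Check whether an IPsec gateway's own traffic would match its tunnels.

Added example for the thread above; not from the original post or Openswan.
192.0.2.1 / 198.51.100.1 are placeholders for a.b.c.d / e.f.g.h.
"""
import ipaddress
import re

# Constructed ipsec.conf fragment mirroring the two conns in the question.
IPSEC_CONF = """\
conn netA-netB
    left=192.0.2.1
    leftsubnet=10.64.71.0/24
    right=198.51.100.1
    rightsubnet=10.64.0.0/19
    authby=secret
    auto=start

conn netB-netA
    left=192.0.2.1
    leftsubnet=10.64.71.0/24
    right=198.51.100.1
    rightsubnet=172.30.0.0/16
    authby=secret
    auto=start
"""

# Constructed `ip route get` output in the same shape as the question's.
ROUTE_GET = """\
10.64.0.0 via 192.0.2.1 dev ipsec0 src 192.0.2.1
    cache mtu 16260 advmss 16220
172.30.0.0 via 192.0.2.1 dev ipsec0 src 192.0.2.1
    cache mtu 16260 advmss 16220
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for a minimal ipsec.conf fragment."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns


def parse_route_get(text):
    """Return {destination: source_ip} from `ip route get` output lines."""
    routes = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s.*\bsrc\s+(\S+)", line)
        if m:
            routes[m.group(1)] = m.group(2)
    return routes


def gateway_traffic_report(conns, routes):
    """For each conn, record the source address the kernel chose for the
    remote subnet and whether it lies inside leftsubnet (i.e. whether the
    gateway's own packets match the tunnel selector).
    Returns {conn_name: (src_ip, matches_leftsubnet)}."""
    report = {}
    for name, conf in conns.items():
        remote = ipaddress.ip_network(conf["rightsubnet"])
        local = ipaddress.ip_network(conf["leftsubnet"])
        # `ip route get` prints the destination host, not the prefix.
        src = routes.get(str(remote.network_address))
        if src is None:
            continue
        report[name] = (src, ipaddress.ip_address(src) in local)
    return report


def suggested_source(conf):
    """First host address of leftsubnet, as a candidate leftsourceip.
    Assumption: the gateway really holds this address on its inside
    interface; adjust to the address it actually owns."""
    return str(next(ipaddress.ip_network(conf["leftsubnet"]).hosts()))


if __name__ == "__main__":
    conns = parse_conns(IPSEC_CONF)
    for name, (src, ok) in gateway_traffic_report(conns, parse_route_get(ROUTE_GET)).items():
        status = "matches" if ok else "does NOT match"
        print(f"{name}: src {src} {status} leftsubnet {conns[name]['leftsubnet']}")
        if not ok:
            print(f"  e.g. leftsourceip={suggested_source(conns[name])}")
```

Run against the quoted output, both conns report that 192.0.2.1 (a.b.c.d) does not match 10.64.71.0/24, which is exactly why the endpoint cannot reach the remote subnets while the net-to-net tunnels work; once the gateway sources its own traffic from an address inside leftsubnet, the same check reports a match.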