[Openswan Users] Conceptual doubt
Thiago Campos
tmclistas at uol.com.br
Wed Sep 14 21:31:44 CEST 2005
Hello,
I want to set up a VPN in 2 situations:
1) VPN Server + Road warrior user
172.17.33.1 (local) ------- 000.000.000.000 (external IP) ------------ 000.000.000.000 (road warrior)
172.17.33.1 (local IP - eth0)
The road warrior user needs to reach 172.17.33.1
2) VPN Server + Road Warrior user behind a gateway
172.17.33.1 (local) ---- 0.0.0.0 (external IP) ----- 0.0.0.0 (external IP)---192.168.0.10 (local)
172.17.33.1 (eth0)
The user on 192.168.0.10 needs to reach 172.17.33.1
I think all users should be road warriors, because in situation 2 I don't want
to connect the whole network. But in /var/log/secure the error messages are
different:
1) Sep 14 19:09:57 sbf-vpn pluto[2726]: ERROR: asynchronous network error report on eth1 (sport=500) for message to road_warrior_ip port 500, complainant my_server_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
2) Sep 14 19:20:02 sbf-vpn pluto[2726]: "sbfroad"[9] road_gateway_ip#14: cannot respond to IPsec SA request because no connection is known for vpn_server_ip:17/1701...road_gateway_ip[192.168.0.10]:17/1701===192.168.0.10/32
What should I do: set up 2 connections in ipsec.conf, or only one?
I think I need to add a route. What should the command be? (Something like
above?)
route add -net 172.17.33.0 netmask 255.255.255.0 gw 172.17.33.2 dev ppp0
Thanks
Thiago