[Openswan Users] Conceptual doubt

Thiago Campos tmclistas at uol.com.br
Wed Sep 14 21:31:44 CEST 2005


Hello,

I want to set up a VPN in 2 situations:

1) VPN Server + Road warrior user

172.17.33.1 (local) ------- 000.000.000.000 (external IP) ------------ 000.000.000.000 (road warrior)
                                    172.17.33.1 (local IP - eth0)

The road warrior user needs to reach 172.17.33.1

2) VPN Server + Road Warrior user behind a gateway

172.17.33.1 (local) ---- 0.0.0.0 (external IP) ----- 0.0.0.0 (external IP)---192.168.0.10 (local)
                                172.17.33.1 (eth0)

The user on 192.168.0.10 needs to reach 172.17.33.1

I think all users should be road warriors, because in situation 2 I don't want
to connect the whole network. But in /var/log/secure the error messages are
different:

1) Sep 14 19:09:57 sbf-vpn pluto[2726]: ERROR: asynchronous network error
report on eth1 (sport=500) for message to road_warrior_ip port 500,
complainant my_server_ip: No route to host [errno 113, origin ICMP type 3
code 1 (not authenticated)]

2) Sep 14 19:20:02 sbf-vpn pluto[2726]: "sbfroad"[9] road_gateway_ip#14: 
cannot respond to IPsec SA request because no connection is known for 
vpn_server_ip:17/1701...road_gateway_ip[192.168.0.10]:17/1701===192.168.0.10/32

What should I do: set up 2 connections in ipsec.conf or only one?
I think I need to add a route; what should the command be? (Something like
above?)

route add -net 172.17.33.0 netmask 255.255.255.0 gw 172.17.33.2 dev ppp0

Thanks

Thiago 


