[Openswan Users]

[Paul Wouters]

On Wed, 12 Apr 2006, Andre Mueller wrote:

> main office   [   SuSE Gateway      ]     [  Zyxel Prestige 660 ]
>
> 10.0.0.0/16 - 10.0.0.1 = 62.XX.YY.114 ... 212.XX.YY.80 = 10.1.0.1 -
> 10.1.0.0/16
> LAN           eth0       eth2             wan            eth0       LAN
>
>
> With the Openswan configuration below the branch office Zyxel Router can
> establish an tunnel successfully but unfortunately the intended route between
> both local subnets do not work.

Are you using netkey or klips. If using netkey, use interfaces"%defaultroute"

> bound to the public interface eth2 and traffic coming from the branch office
> over the tunnel is showing up at eth2 (iftop -i eth2) and not as it is
> intended on eth0 to be route to the local subnet at the head office. So I
> think I have missed something important. I have read the FAQ about multiple
> tunnels but with the Zyxel Prestige 660 I can configure only two VPN
> connections/tunnels and I would like to have the second one as reserve to
> connect to an additional planed branch office.

I am not sure what "more tunnels" has to do with this. If you need more
then one subnet-to-subnet, you will have to configure more then one tunnel.
You cannot "route add" stuff through an ipsec tunnel (unles syou add another
layer of encapsulation, eg use GRE)

If you mean your one tunnel is not workin:
check with ipsec verify.
check that NAT is not natting ipsec packets

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155