[Openswan Users] Fw: Net to Net connection question.

Steve Hamblett shamblett at cwazy.co.uk
Thu Dec 21 09:47:02 EST 2006


----- Original Message ----- 
From: Steve Hamblett 
To: stephen.hamblett at thalesgroup.com 
Sent: Thursday, December 21, 2006 2:46 PM
Subject: Net to Net connection question.


Hi,

I have the following setup :-

(192.168.0.253) - Local laptop running FC6
||
(xxx.xxx.xxx.xxx)/(192.168.0.1) - Local server/firewall/router running FC6
||
-- internet
||
(yyy.yyy.yyy.yyy) - Remote watchguard soho 6 VPN box
||
(aaa.aaa.aaa.aaa) - Remote network

When I run openswan from my laptop to set up a net-to-net tunnel(pre-shared key) through the soho 6 VPN box all works well, I can see all machines on the remote net through the tunnel as expected , however, if I run openswan on my local server machine and change the conn details appropriately to use its local address(192.168.0.1) and the correct eth device(as this has 2)  then the tunnel comes up but I cant see the remote net. Pinging seems to not go down the tunnel ie I get ICMP replies back from routers on my internet subnet, hence I cant see the remote subnet from this machine. I've obviously missed something here, note that I'm trying to do this without touching any other parameters on any other box, ie no changes to my local server or watchguard box, just by changing openswan conn parameters alone. Is this possible? 

I can post conn files and ipsec verify etc if needed, indeed 'ipsec verify' when run on my server machine does complain about ICMP redirects, but as said above I dont want to change anything at the machine level if I can help it.

Thanks in advance

Steve H.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061221/413a4743/attachment.html 


More information about the Users mailing list