[Openswan Users] FW: Net to Net connection question.

Steve Hamblett stephen.hamblett at thalesgroup.com
Thu Dec 21 09:46:32 EST 2006


  I have the following setup :-

  ( - Local laptop running FC6
  (xxx.xxx.xxx.xxx)/( - Local server/firewall/router running FC6
  -- internet
  (yyy.yyy.yyy.yyy) - Remote watchguard soho 6 VPN box
  (aaa.aaa.aaa.aaa) - Remote network

  When I run openswan from my laptop to set up a net-to-net
tunnel(pre-shared key) through the soho 6 VPN box all works well, I can see
all machines on the remote net through the tunnel as expected , however, if
I run openswan on my local server machine and change the conn details
appropriately to use its local address( and the correct eth
device(as this has 2)  then the tunnel comes up but I cant see the remote
net. Pinging seems to not go down the tunnel ie I get ICMP replies back from
routers on my internet subnet, hence I cant see the remote subnet from this
machine. I've obviously missed something here, note that I'm trying to do
this without touching any other parameters on any other box, ie no changes
to my local server or watchguard box, just by changing openswan conn
parameters alone. Is this possible?

  I can post conn files and ipsec verify etc if needed, indeed 'ipsec
verify' when run on my server machine does complain about ICMP redirects,
but as said above I dont want to change anything at the machine level if I
can help it.

  Thanks in advance

  Steve H.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061221/093c3cff/attachment.html 

More information about the Users mailing list