[Openswan Users] FW: Net to Net connection question.
andy at andynet.net
Thu Dec 21 13:06:25 EST 2006
On Thu, 2006-12-21 at 14:46 +0000, Steve Hamblett wrote:
> I have the following setup :-
> (192.168.0.253) - Local laptop running FC6
> (xxx.xxx.xxx.xxx)/(192.168.0.1) - Local server/firewall/router
> running FC6
> -- internet
> (yyy.yyy.yyy.yyy) - Remote watchguard soho 6 VPN box
> (aaa.aaa.aaa.aaa) - Remote network
> When I run openswan from my laptop to set up a net-to-net
> tunnel (pre-shared key) through the soho 6 VPN box all works
> well, I can see all machines on the remote net through the
> tunnel as expected, however, if I run openswan on my local
> server machine and change the conn details appropriately to
> use its local address (192.168.0.1) and the correct eth
> device (as this has 2) then the tunnel comes up but I can't see
> the remote net. Pinging seems to not go down the tunnel, i.e. I
> get ICMP replies back from routers on my internet subnet,
> hence I can't see the remote subnet from this machine. I've
> obviously missed something here, note that I'm trying to do
> this without touching any other parameters on any other box,
> i.e. no changes to my local server or watchguard box, just by
> changing openswan conn parameters alone. Is this possible?
Sounds like you may need to set 'leftsourceip=192.168.0.1' (assuming your
server is 'left').
> I can post conn files and ipsec verify etc. if needed, indeed
> 'ipsec verify' when run on my server machine does complain
> about ICMP redirects, but as said above I don't want to change
> anything at the machine level if I can help it.
> Thanks in advance
> Steve H.
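An added illustration of the `leftsourceip` suggestion above; it is not a configuration posted by either participant. The conn name, the /24 masks and `auto=start` are assumptions, and the xxx/yyy/aaa addresses are the redacted placeholders from the post.

```conf
# /etc/ipsec.conf fragment for the local server/firewall (constructed example).
# Assumes the server is 'left', as the reply does.
conn server-to-soho6
    # Pre-shared key, as described in the post
    authby=secret
    # Server's internet-facing address (redacted in the post)
    left=xxx.xxx.xxx.xxx
    # Local LAN behind the server; the /24 mask is an assumption
    leftsubnet=192.168.0.0/24
    # Packets that the server itself originates towards the remote net
    # normally take the address of the outgoing (internet) interface as
    # their source. That source is outside leftsubnet, so the packets do
    # not match the tunnel policy and are routed to the internet in the
    # clear. leftsourceip makes the server use its internal address for
    # traffic to rightsubnet, which puts that traffic inside the policy.
    leftsourceip=192.168.0.1
    # Remote WatchGuard SOHO 6 (redacted in the post)
    right=yyy.yyy.yyy.yyy
    # Remote network (redacted in the post); the /24 mask is an assumption
    rightsubnet=aaa.aaa.aaa.aaa/24
    auto=start
```

With the tunnel up, `ping -I 192.168.0.1 <remote host>` run on the server forces the internal source address and shows whether traffic sourced from inside leftsubnet reaches the remote net.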