[Openswan Users] FW: Net to Net connection question.

Andy Gay andy at andynet.net
Thu Dec 21 13:06:25 EST 2006


On Thu, 2006-12-21 at 14:46 +0000, Steve Hamblett wrote:
>  
>         Hi,
>          
>         I have the following setup :-
>          
>         (192.168.0.253) - Local laptop running FC6
>         ||
>         (xxx.xxx.xxx.xxx)/(192.168.0.1) - Local server/firewall/router
>         running FC6
>         ||
>         -- internet
>         ||
>         (yyy.yyy.yyy.yyy) - Remote watchguard soho 6 VPN box
>         ||
>         (aaa.aaa.aaa.aaa) - Remote network
>          
>         When I run openswan from my laptop to set up a net-to-net
>         tunnel (pre-shared key) through the soho 6 VPN box all works
>         well, I can see all machines on the remote net through the
>         tunnel as expected, however, if I run openswan on my local
>         server machine and change the conn details appropriately to
>         use its local address (192.168.0.1) and the correct eth
>         device (as this has 2) then the tunnel comes up but I can't see
>         the remote net. Pinging seems to not go down the tunnel, i.e. I
>         get ICMP replies back from routers on my internet subnet,
>         hence I can't see the remote subnet from this machine. I've
>         obviously missed something here, note that I'm trying to do
>         this without touching any other parameters on any other box,
>         i.e. no changes to my local server or watchguard box, just by
>         changing openswan conn parameters alone. Is this possible? 

Sounds like you may need to set 'leftsourceip=192.168.0.1' (assuming your
server is 'left').

>          
>         I can post conn files and ipsec verify etc if needed, indeed
>         'ipsec verify' when run on my server machine does complain
>         about ICMP redirects, but as said above I don't want to change
>         anything at the machine level if I can help it.
>          
>         Thanks in advance
>          
>         Steve H.
>          
>          
> 
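Why the suggested setting matters, as an added example that is not part of the original thread: a net-to-net policy only covers packets whose source lies in the local subnet, while traffic the gateway originates itself normally leaves with its internet-facing address and so bypasses the tunnel. The public address, the /24 mask, the remote subnet and all function names below are constructed assumptions.

```python
import ipaddress

# Constructed values: the thread hides the public and remote addresses, and
# the /24 mask on the local LAN is an assumption.
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")   # leftsubnet
REMOTE_NET = ipaddress.ip_network("10.0.0.0/24")     # rightsubnet (placeholder)
EXTERNAL_IP = "203.0.113.10"                         # gateway's public address
REMOTE_HOST = "10.0.0.5"                             # host behind the VPN box


def policy_matches(src, dst):
    """A net-to-net policy protects a packet only if both selectors match."""
    return (ipaddress.ip_address(src) in LOCAL_NET
            and ipaddress.ip_address(dst) in REMOTE_NET)


def gateway_source(dst, sourceip=None):
    """Source address of traffic the gateway itself originates.

    By default it is the address of the internet-facing interface. A
    source hint (what leftsourceip provides) applies only to destinations
    in the remote subnet.
    """
    if sourceip and ipaddress.ip_address(dst) in REMOTE_NET:
        return sourceip
    return EXTERNAL_IP


def gateway_ping_tunnelled(sourceip=None):
    """Does a ping from the gateway to REMOTE_HOST go through the tunnel?"""
    return policy_matches(gateway_source(REMOTE_HOST, sourceip), REMOTE_HOST)


if __name__ == "__main__":
    print("LAN host 192.168.0.253:", policy_matches("192.168.0.253", REMOTE_HOST))
    print("gateway, no source hint:", gateway_ping_tunnelled())
    print("gateway, leftsourceip=192.168.0.1:",
          gateway_ping_tunnelled("192.168.0.1"))
```

Packets that miss the policy are sent in the clear toward the internet, which matches the ICMP replies from upstream routers described in the question.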


