[Openswan Users] Ipsec policies

Paul Wouters paul at xelerance.com
Wed Feb 1 21:59:48 CET 2006


On Wed, 1 Feb 2006, webmaster @ elnportal.it wrote:

> but the tunnel from local to remote subnet is up and running
>
> 10.0.0.0 local
> 10.0.1.0 remote
>
> GW on remote (a specific router different from OSWAN gw) 10.0.1.1
>
> I can ping 10.0.1.1 but can't add route on 10.0.0.1 (local openswan gw) like
>
> route add -net aaa.bbb.ccc.ddd netmask 255.255.255.255 gw 10.0.1.1

If you have a tunnel up from 10.0.0.0/24 to 10.0.1.0/24 then 10.0.0.73 should
be able to ping 10.0.1.113.
You can NOT do the route add you suggest on 10.0.0.1 if aaa.bbb.ccc.ddd/32
lives behind 10.0.1.1. Instead you need to make ANOTHER ipsec tunnel with
leftsubnet=10.0.0.0 and rightsubnet=aaa.bbb.ccc.0/24 (or aaa.bbb.ccc.ddd/32)

Paul
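
The reply above, modelled as an added sketch that is not part of the original message: a tunnel only carries packets whose source and destination both fall inside its leftsubnet/rightsubnet pair, and a route via 10.0.1.1 does not change a packet's destination address, so a second selector pair is needed. The network 192.0.2.0/24 is a constructed placeholder for the thread's aaa.bbb.ccc.0/24, and the conn names and helper functions are hypothetical.

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr)


# Tunnel selectors as (conn name, leftsubnet, rightsubnet).
# The single entry is the tunnel described in the thread.
POLICIES = [("local-remote", net("10.0.0.0/24"), net("10.0.1.0/24"))]

# Constructed placeholder standing in for aaa.bbb.ccc.0/24.
EXTRA_NET = net("192.0.2.0/24")


def matching_tunnel(policies, src, dst):
    """Return the first conn whose selectors cover src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, left, right in policies:
        if s in left and d in right:
            return name
    return None


def with_extra_tunnel(policies, rightsubnet=EXTRA_NET):
    """Add the second tunnel: same leftsubnet, new rightsubnet."""
    return policies + [("local-extra", net("10.0.0.0/24"), rightsubnet)]


if __name__ == "__main__":
    flows = [("10.0.0.73", "10.0.1.113"), ("10.0.0.73", "192.0.2.10")]
    for label, table in (("one tunnel", POLICIES),
                         ("two tunnels", with_extra_tunnel(POLICIES))):
        for src, dst in flows:
            conn = matching_tunnel(table, src, dst)
            print(f"{label}: {src} -> {dst}: {conn or 'no tunnel matches'}")
```

The remote gateway needs the mirrored selector pair for the second tunnel, otherwise the two ends will not agree on what the tunnel covers.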

