[Openswan Users]
Greg Scott
GregScott at InfraSupportEtc.com
Sun Jul 23 01:09:24 CEST 2006
Aw nuts, sorry about that. Lakeville is on the right, Roseville on the
left. I got my diagram backwards and didn't notice until you pointed it
out. For the record, it's like this:
Roseville   10.15.1.75   71.216.115.33      Lakeville   209.130.212.154   10.13.1.1
Left        eth1         eth0               Right       eth0              eth1
The whole problem was, I used a kernel from kernel.org because of some
other netfilter modules I wanted. Sheesh - I built it about 3 weeks ago
and it's already obsolete. And I must have built it wrong because when
I booted my test firewalls using the original fc5 2.6.15.nnn kernel,
now I see esp packets going out both interfaces.
I'll bet by now there's an fc5 2.6.17.nnn kernel, so I'm going to grab
that and use it.
- Greg
-----Original Message-----
From: Andy Gay [mailto:andy at andynet.net]
Sent: Saturday, July 22, 2006 11:56 PM
To: Greg Scott
Cc: users at openswan.org
Subject: Re: [Openswan Users]
On Sat, 2006-07-22 at 19:01 -0500, Greg Scott wrote:
> I must be missing something basic here. I am trying to a simple
> tunnel with 2 subnets. Here is the scenario below. Apologies if an
> emailer somewhere along the line butchers the line wrapping.
>
> Roseville                                                Lakeville
> Left                                                     Right
>                 Left Firewall <-Internet--> Right Firewall
> 10.13.1.0/24    eth1   eth0                 eth0   eth1      10.15.1.0/24
> 10.13.1.1       71.216.115.33         209.130.212.154        10.15.1.75
So here you say that leftsubnet is 10.13.1.0/24, rightsubnet is
10.15.1.0/24.
But later on in your config file, you have those the other way around:
> [root at lakeville-fw etc]# more ipsec.d/Roseville-Lakeville.conf
> conn Roseville-Lakeville
>     left=71.216.115.33
>     leftsubnet=10.15.1.0/24
>     leftnexthop=71.216.115.38
>     leftid=@roseville.local
>     # RSA 2192 bits roseville-fw Thu Jul 20 18:47:26 2006
>     leftrsasigkey=0sAQPHZAiDY....
>     #
>     # Right security gateway, subnet behind it, next hop toward left.
>     right=209.130.212.154
>     rightsubnet=10.13.1.0/24
>     rightnexthop=209.130.212.153
>     rightid=@lakeville.local
>     # RSA 2192 bits lakeville-fw Wed Jul 19 21:09:32 2006
>     rightrsasigkey=0sAQNb9diw....
>     #
>     auto=start
>
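Added example, not part of the original thread and not Openswan code: the left/right comparison discussed above (diagram versus leftsubnet/rightsubnet) done mechanically. The conn text is a constructed, trimmed copy of the quoted block; TOPOLOGY, parse_conn and check_sides are hypothetical names, and the addresses come from the corrected diagram in this message.

```python
import ipaddress

# Constructed sample: the conn block from this thread, id/key lines trimmed.
CONN_TEXT = """
conn Roseville-Lakeville
    left=71.216.115.33
    leftsubnet=10.15.1.0/24
    leftnexthop=71.216.115.38
    # Right security gateway, subnet behind it, next hop toward left.
    right=209.130.212.154
    rightsubnet=10.13.1.0/24
    rightnexthop=209.130.212.153
    auto=start
"""

# Hypothetical topology table: the corrected diagram, one entry per side.
TOPOLOGY = {
    "left": {"public": "71.216.115.33", "inside": "10.15.1.75"},     # Roseville
    "right": {"public": "209.130.212.154", "inside": "10.13.1.1"},   # Lakeville
}

def parse_conn(text):
    """Collect the key=value parameters of a single conn section."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("conn ") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params

def check_sides(params, topology):
    """Return a list of mismatches between the conn parameters and the diagram."""
    problems = []
    for side, addrs in topology.items():
        if params.get(side) != addrs["public"]:
            problems.append(f"{side}={params.get(side)}, diagram says {addrs['public']}")
        subnet_text = params.get(f"{side}subnet")
        if subnet_text is None:
            problems.append(f"{side}subnet is not set")
            continue
        subnet = ipaddress.ip_network(subnet_text, strict=False)
        if ipaddress.ip_address(addrs["inside"]) not in subnet:
            problems.append(f"{side}subnet={subnet} does not contain {addrs['inside']}")
    return problems

if __name__ == "__main__":
    for problem in check_sides(parse_conn(CONN_TEXT), TOPOLOGY) or ["left/right match the diagram"]:
        print(problem)
```

Run against the first (backwards) diagram instead, the same check reports both subnets as mismatched.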