[Openswan Users] routing to subnet behind openswan gw
Freight Car
freightcar at gmail.com
Thu May 4 18:04:48 CEST 2006
This is what I have in the lsipsectool log:
17:00:46: Starting Tunnel
17:00:46: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 10.1.1.100
Remote Monitor Address: 172.16.8.1
Remote Network: 172.16.8.1/255.255.255.0
Local Address: 10.2.2.100
Local Network: 10.2.2.100/255.255.255.255
17:00:46: WinSock Version High : 514 Version : 2
17:00:46: Init checkconnThread::Entry()
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 0 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 1 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 2 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 3 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 4 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:00:47: Comparing 10.1.1.100 = 10.1.1.100
17:00:47: 5 ECHO REQUEST TO 172.16.8.1 [ OK ]
17:01:17: Comparing 10.1.1.100 = 10.1.1.100
17:01:17: 6 ECHO REQUEST TO 172.16.8.1 [ OK ]
It looks like there is a tunnel, but when I ping the IP address
172.16.8.1 I get the host unreachable msg; it will not even attempt to
use the policies.
On 5/4/06, Freight Car <freightcar at gmail.com> wrote:
>
> When I ping the internal interface of the VPN gateway, 172.16.8.1, I get a response from the default gateway: "host unreachable". There is no route to that network on any of the hosts. Why are the packets destined for the 172.16.8.0 network sent to the default gateway? They should be sent to the tunnel (in this case the VPN gateway address, which is 10.1.1.100). Is this correct? You were right, the IP forwarding on the gateway was disabled, but I need that to reach any hosts on that network, but I should be able to reach the internal interface even when the IP forwarding is disabled; at least I could from the default gateway.
>
>
>