[Openswan Users] net-to-net configuration
Ian Firla
ian.firla at gmail.com
Thu May 18 19:48:35 CEST 2006
Hello All,
I've followed the net-to-net configuration instructions on
http://wiki.openswan.org/index.php/Configuring
My network looks like this:
Local Lan 192.168.1.0/24
|
local openswan server (192.168.1.3 eth0, public ip eth1)
|
remote openswan server (192.168.20.5 eth0, public ip eth1)
|
Remote Lan 192.168.20.0/24
My ipsec.conf file is:
conn net-to-net
    left=publicip # Local vitals
    leftsubnet=192.168.1.0/24 #
    leftid=@ostc-poland-vpn #
    leftrsasigkey=0sAQO***
    leftnexthop=%defaultroute # correct in many situations
    right=publicip # Remote vitals
    rightsubnet=192.168.20.0/24 #
    rightid=@bromley-vpn #
    rightrsasigkey=0sAQP***
    #
    rightnexthop=%defaultroute # correct in many situations
    auto=start # authorizes but doesn't start this
    # connection at startup
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
Raising the tunnel is successful:
117 "net-to-net" #14: STATE_QUICK_I1: initiate
004 "net-to-net" #14: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9924f171 <0x7b02f068}
From a client PC on the local LAN (192.168.1.4), I can ping the
private IP address on the remote server (192.168.20.5) but I can't,
for example, ping anything behind it (i.e. 192.168.20.41 or
192.168.20.1).
Yes, I've confirmed that those addresses are pingable from the remote gateway.
Any ideas on what I should be looking at and where?
Many thanks in advance,
Ian