[Openswan Users] net-to-net configuration

Ian Firla ian.firla at gmail.com
Thu May 18 19:48:35 CEST 2006

Hello All,

I've followed the net-to-net configuration instructions on


My network looks like this:

Local Lan
local openswan server ( eth0, public ip eth1)
remote openswan server ( eth0, public ip eth1)
Remote Lan

My ipsec.conf file is:

conn net-to-net
    left=publicip                 # Local vitals
    leftsubnet=       #
    leftid=@ostc-poland-vpn         #
    leftnexthop=%defaultroute      # correct in many situations
    right=publicip                # Remote vitals
    rightsubnet=        #
    rightid=@bromley-vpn        #
    rightnexthop=%defaultroute     # correct in many situations
    auto=start                       # loads and initiates this
                                   # connection at startup

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Raising the tunnel is successful:

117 "net-to-net" #14: STATE_QUICK_I1: initiate
004 "net-to-net" #14: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9924f171 <0x7b02f068}

From a client PC on the local LAN (, I can ping the
private IP address on the remote server ( but I can't,
for example, ping anything behind it (i.e. or

Yes, I've confirmed that those addresses are pingable from the remote gateway.

Any ideas on what I should be looking at and where?

Many thanks in advance,

