[Openswan Users] VPN and routing question / problem

Paul Wouters paul at xelerance.com
Mon Sep 11 14:45:19 EDT 2006


On Mon, 11 Sep 2006, Bas Rijniersce wrote:

> I have a machine in India connected to a machine in Vancouver. They can talk
> to each other over the VPN without problems. The Vancouver machine has a
> second VPN that connects to a service provider with an AS/400. Users from
> Vancouver can reach the AS/400 without problems. So in summary:
>
> [ Mumbai - 192.168.1.0/24 ] ----- [ Vancouver - 192.168.70.0/24 ] ----- [ AS/400 - 172.16.7.1/32 ]
>
> Mumbai can reach Vancouver
> Vancouver can reach Mumbai
> Vancouver can reach AS/400
>
> Now how do I get Mumbai to reach AS/400? I added a route to the machine in
> Mumbai to point traffic to the ipsec tunnel.
> When I "tethereal -i ipsec0" I see the packets entering the tunnel, but they
> never appear on the other side.
>
> Is it possible to route directly to the AS/400?
> What could be wrong?

IPsec tunnels are not "virtual ethernet cards". You cannot just "route add" traffic
into them, since they run with policies. You will have to add the appropriate
tunnels for the source/dest combinations of the packets that need to travel through
tunnels. A hack would be to NAT the packets to an IP that is part of the current
tunnel.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
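
As an added illustration of the reply above (not part of the original message and not configuration from either poster): each source/destination pair needs its own conn on every gateway it crosses, so Mumbai-to-AS/400 traffic needs one extra conn on the Mumbai gateway and two on Vancouver. The conn names, the gateway addresses (RFC 5737 documentation addresses) and `authby=secret` are assumptions; the subnets are the ones from the question.

```conf
# --- Mumbai gateway: /etc/ipsec.conf (one added conn) ---
# New selector pair 192.168.1.0/24 <-> 172.16.7.1/32, terminated on Vancouver.
# Without it, packets for 172.16.7.1 match no policy and are dropped,
# whatever "route add" says.
conn mumbai-as400
    # 192.0.2.10 = Mumbai gateway (constructed address)
    left=192.0.2.10
    leftsubnet=192.168.1.0/24
    # 198.51.100.20 = Vancouver gateway (constructed address)
    right=198.51.100.20
    rightsubnet=172.16.7.1/32
    # assumed: same authentication as the existing Mumbai-Vancouver conn
    authby=secret
    auto=start

# --- Vancouver gateway: /etc/ipsec.conf (two added conns) ---
# 1) Mirror of the Mumbai conn above, so Vancouver accepts
#    Mumbai-sourced packets addressed to the AS/400.
conn mumbai-as400
    left=198.51.100.20
    leftsubnet=172.16.7.1/32
    right=192.0.2.10
    rightsubnet=192.168.1.0/24
    authby=secret
    auto=start

# 2) Carry Mumbai's subnet onward to the service provider. The existing
#    provider conn only covers 192.168.70.0/24 <-> 172.16.7.1/32.
conn mumbai-to-provider
    left=198.51.100.20
    leftsubnet=192.168.1.0/24
    # 203.0.113.30 = service provider gateway (constructed address)
    right=203.0.113.30
    rightsubnet=172.16.7.1/32
    # assumed: same authentication as the existing provider conn
    authby=secret
    auto=start
```

The provider's gateway has to carry the matching 172.16.7.1/32 <-> 192.168.1.0/24 policy for the last conn to come up; where that cannot be arranged, the NAT approach mentioned in the reply is the alternative.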

