[Openswan Users] Fwd: Tunnel working "one way only"
Paul Wouters
paul at xelerance.com
Mon Apr 2 14:59:30 EDT 2007
On Mon, 2 Apr 2007, Antonio Ávila wrote:
> Hi all, I'm a newbie in ipsec issues, and I'm hung up on a problem. I
> was able to configure the tunnel, but the tunnel is only working one way.
> Let me show you the net topology and the configuration files:
> 10.1.2.0/24-------192.168.2.2====TUNNEL====192.168.2.1---------192.168.1.0/24
> In the right and the left machine iptables are empty and their policies are
> ACCEPT by default. In the Right box I have ip_forward activated.

Not on the machine on the left?

> conn tunnconn
>     type=tunnel
>     left=192.168.2.2
>     leftnexthop=192.168.2.1
>     right=192.168.2.1

Try type=%direct

The situation when using two IPsec machines in the same subnet is fundamentally
different from having two IPsec machines with a box (or a whole internet) in
the middle. If you are doing this for testing a real world deployment, change
the network and add a machine in the middle that's just a router.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155