[Openswan Users] Clients in the right network are OK but packets from rightserver misroute
Augusto Pizarro
augusto.pizarro at siemconsub.com.br
Wed Feb 7 08:36:17 EST 2007
OK,
that I realize, but what route?
I have everything to 10.20.0.0 routed to ipsec0. Here are my routes on
the Right Server:
Kernel IP routing table
Destination     Gateway          Genmask          Flags  Metric  Ref  Use  Iface
10.210.21.0     0.0.0.0          255.255.255.0    U      0       0    0    eth1
192.168.200.0   0.0.0.0          255.255.255.0    U      0       0    0    eth0
10.20.0.0       0.0.0.0          255.255.0.0      U      0       0    0    ipsec0
127.0.0.0       0.0.0.0          255.0.0.0        U      0       0    0    lo
0.0.0.0         192.168.200.200  0.0.0.0          UG     0       0    0    eth0
I had a "192.168.200.0 0.0.0.0 255.255.255.0 ipsec0" but I ripped it
out to test.
I also tried to change the "leftnexthop" and "rightnexthop", with no
effect.
This server (the Right Server) will have Qmail, Squid and other
services that MUST communicate directly with servers inside the Left
Network, and it's imperative that the traffic be secure.
Any ideas, Joao?
Augusto Pizarro
Rio de Janeiro - RJ
Brazil
On Wed, 2007-02-07 at 11:12, Fernando Blankleder wrote:
>
> Hi. Ping packets originated from the server are going out from LO, not
> ETH1, and the tunnel only encrypts packets coming from ETH1.
> You need to add a route.
>
> Fernando
> Joao Pessoa - Paraiba
> Bra[z][s]il
>
> ----- Original Message -----
> From: Augusto Pizarro
> To: users at openswan.org
> Sent: Wednesday, February 07, 2007 9:11 AM
> Subject: [Openswan Users] Clients in the right network are OK
> but packets from rightserver misroute
>
> Maybe a silly problem, but for a stupid guy like me it is a huge
> problem....
>
> The machines are not in production and the internet is
> emulated by another linux box with only ip_forward = 1.
>
> Right Network    Right Server                               Left Server                  Left Network
> 10.210.21.0------10.210.21.1/192.168.200.100---(internet)---200.178.78.1/10.20.10.60-----10.20.0.0
>                  eth1        eth0                           eth0         eth1
>
> Any network test from the Right Clients to the Left Network
> is OK.
> Any test directly from the Right Server to the Left Network
> is NOT OK.
>
> IN SUMMARY: The Right clients are OK but the Right server itself
> is NOT!!! Really stupid!!
>
> The IPSEC tunnel is OK, the packets are encrypted between the
> eth0's, but only if they come from the Right Network Clients.
> Another piece of information: the Left Server can ping the Right Server
> but only if we do a "ping 10.210.21.1 -I eth1".
>
> In IPTRAF I can see "ICMP dest unrch from 10.210.21.1 to
> 10.210.21.1 on lo" on the Right Server when trying to ping the
> Left Server.
>
> Maybe I have to create another tunnel just for the traffic
> from the server to the Left Network.
>
> Regards,
> Augusto Pizarro
> Rio de Janeiro - Brazil
Augusto Pizarro
Analista de Suporte
55 21 3515-9751
Siemconsub
Av Rio Branco 108 - 28
Rio de Janeiro - RJ - Brazil
20040-001
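An added example, not part of the original thread: a small model of the symptom described above, showing why forwarded packets from Right clients can match the tunnel while packets the Right Server generates itself may not. It assumes a subnet-to-subnet tunnel (10.210.21.0/24 to 10.20.0.0/16; the ipsec.conf is not shown in the thread), that ipsec0 carries eth0's address, and a constructed client address 10.210.21.50.

```python
import ipaddress as ip

# Routing table of the Right Server, copied from the post: (prefix, iface).
ROUTES = [
    ("10.210.21.0/24", "eth1"),
    ("192.168.200.0/24", "eth0"),
    ("10.20.0.0/16", "ipsec0"),
    ("127.0.0.0/8", "lo"),
    ("0.0.0.0/0", "eth0"),
]
# Interface addresses from the post's diagram. ASSUMPTION: ipsec0 carries the
# same address as eth0, the interface it is attached to.
IFACE_ADDR = {"eth1": "10.210.21.1", "eth0": "192.168.200.100",
              "ipsec0": "192.168.200.100", "lo": "127.0.0.1"}
# ASSUMPTION: the tunnel is subnet-to-subnet (ipsec.conf is not in the thread).
TUNNEL = (ip.ip_network("10.210.21.0/24"), ip.ip_network("10.20.0.0/16"))

def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the outgoing interface."""
    d = ip.ip_address(dst)
    nets = [(ip.ip_network(p), i) for p, i in ROUTES]
    return max((n for n in nets if d in n[0]), key=lambda n: n[0].prefixlen)[1]

def local_source(dst, src_hint=None):
    """Source of a locally generated packet: an explicit hint (bound socket or
    a route's preferred source) wins, else the outgoing interface's address."""
    return src_hint or IFACE_ADDR[route_lookup(dst)]

def covered_by_tunnel(src, dst):
    """True if the (src, dst) pair falls inside the tunnel's selectors."""
    return ip.ip_address(src) in TUNNEL[0] and ip.ip_address(dst) in TUNNEL[1]

def check(dst, src=None, src_hint=None):
    """Forwarded packets keep their own src; local ones get one selected."""
    s = src or local_source(dst, src_hint)
    return route_lookup(dst), s, covered_by_tunnel(s, dst)

if __name__ == "__main__":
    # 10.210.21.50 is a constructed Right-client address.
    cases = {"right client (forwarded)": dict(src="10.210.21.50"),
             "right server (local)": {},
             "right server, src 10.210.21.1": dict(src_hint="10.210.21.1")}
    for name, kw in cases.items():
        print(name, check("10.20.10.60", **kw))
```

Under these assumptions only the flows whose source lies in 10.210.21.0/24 are covered, which is also why forcing the source with "ping -I" changes the result in the thread.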