[Openswan Users] Could I expect this to work in my LAN
Paul Wouters
paul at xelerance.com
Thu Feb 8 15:28:37 EST 2007
On Thu, 8 Feb 2007, Brett Curtis wrote:
> I was actually able to test this conn with an external machine. Works fine..
> Only thing I had to change was my firewall masquerade line to exclude the
> remote subnet, and vice versa.
I doubt traffic is getting encrypted. If hosts know where to find 172.17.187.1
then they also know how to find 172.17.187.0/24, and won't use the ipsec tunnel.
> On 13:49 Thu 08 Feb , Brett Curtis wrote:
> > I am testing a conn currently inside my LAN. This is the config
> >
> > conn portland-tenn
> >     type=tunnel
> >     authby=rsasig
> >     left=172.17.187.225
> >     leftsubnet=172.19.187.0/24
> >     leftid=@tenn.remote.net
> >     leftrsasigkey=0sAQOdXXXXXXXXXXXXXXXX
> >     leftnexthop=%defaultroute
> >     right=172.17.187.1
> >     rightsubnet=172.17.187.0/24
> >     rightid=@port.local.net
> >     rightrsasigkey=0sAQNXXXXXXXXXXXXXXXXXX
> >     rightnexthop=%defaultroute
> >     rekey=yes
> >     auto=add
> >
> > I use the same conn for both sides. What I am hoping for is the ability to
> > ping 172.19.187.1 from right. I can not. The connection starts up fine but I
> > do not see any added routes in my routing table.
> >
> > Do I need to add my own routes? Or am I just way off thinking this will work?
> >
> > Eventually this machine will be external and from each subnet I will want to
> > reach the other subnet over the tunnel.
> >
> > TIA
> > --
> >
> > Created with VIM & mutt.
> >
> > "First things first -- but not necessarily in that order"
> > -- The Doctor, "Doctor Who"
>
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155