[Openswan Users] Multiple VPN connections, possible routing issue?
Alan Murrell
lists at murrell.ca
Thu Mar 29 10:52:15 EDT 2007
Hello,
We have one main site and three remote ones. We are only interested in having
the remote sites talk to the main site and not (yet) have the various sites
talking to each other.
Here is what we have so far:
main site: 10.175.0.0/24
site1: 10.175.1.0/24
site2: 10.175.2.0/24
site3: 10.175.3.0/24
(the above are the private LAN subnets of each site). OpenSWAN is running on
the firewall machines at each site (Soekris boxen running identical Debian
images and IPTables).
We have the site-to-site VPN working perfectly between the main site and site1
(traffic going both ways, able to ping hosts on either side from the two
subnets, access services, connect to hosts/PCs, etc.)
With regards to the other sites (site2 and site3)....
- The tunnels do get established
- From the remote site gateways I am able to ping the hosts/PCs on the main
site's subnet but cannot access services
- From the main site's gateway and LAN I am able to ping the private IP of
the remote sites' gateway (10.175.xxx.254)
- From the main site's gateway and LAN I am unable to ping any hosts/PCs
beyond the remote sites' gateway (with one exception: I am able to ping one
host on the 10.175.3.0/24 subnet, but cannot connect to it, though I can if I
am on the local subnet)
- The site2 and site3 routing and IPTables rules are *identical* to that of
site1 (which is working 100%). Of course the only difference with the
routing tables are the local subnets and ISP gateways.
I feel I am close but missing something. I suspect you need more information,
such as configs, log files entries, etc., but I am not sure which of those,
exactly, you would like. Please just let me know and I will post them for
you.
I look forward to hearing back from you.
-Alan M.