[Openswan Users] Multiple VPN connections, possible routing issue?

Alan Murrell lists at murrell.ca
Thu Mar 29 10:52:15 EDT 2007


We have one main site and three remote ones.  We are only interested in having 
the remote sites talk to the main site and not (yet) have the various sites 
talking to each other.

Here is what we have so far:

  main site:

(the above are the private LAN subnets of each site).  OpenSWAN is running on 
the firewall machines at each site (Soekris boxen running identical Debian 
images and IPTables)

We have the site-to-site VPN working perfectly between the main site and site1 
(traffic going both ways, able to ping hosts on either side from the two 
subnets, access services, connect to hosts/PCs, etc.)

With regards to the other sites (site2 and site3)....

  - The tunnels do get established
  - From the remote site gateways I am able to ping the hosts/PCs on the main 
site's subnet but cannot access services 
  - From the main site's gateway and LAN I am able to ping the private IP of 
the remote sites' gateway (10.175.xxx.254)
  - From the main site's gateway and LAN I am unable to ping any hosts/PCs 
beyond the remote sites' gateway (with one exception: I am able to ping one 
host on the subnet, but cannot connect to it, though I can if I 
am on the local subnet)
  - The site2 and site3 routing and IPTables rules are *identical* to that of 
site1 (which is working 100%).  Of course the only difference with the 
routing tables are the local subnets and ISP gateways.

I feel I am close but missing something.  I suspect you need more information, 
such as configs, log files entries, etc., but I am not sure which of those, 
exactly, you would like.  Please just let me know and I will post them for 

I look forward to hearing back from you.

-Alan M.

