[Openswan Users] Openswan 2.4.6 (Ubuntu) to Sonicwall Standard with XAUTH: Multiple subnet routing problems
Chris Zimmerman
czimmer at wczimmerman.dyndns.org
Thu Apr 24 20:32:56 EDT 2008
I have been fighting through this setup for more than a week now and I'm at
a brick wall.
My setup:
my.ip-----------1.1.1.1(sonicwall)========[192.168.1.0/24
[--------[
192.168.1.1(router)192.168.2.1]----------192.168.2.0/24
I am connected to the internet over an aircard using Ubuntu, so no NAT'ing
is in the way on my end. I need to establish a tunnel from my machine to
the sonicwall to gain access to the 192.168.1.0 AND 192.168.2.0 networks. I
am using XAUTH on the Sonicwall and it has NAT traverse enabled. I can
successfully authenticate and connect to the 192.168.1.0 network and I can
ping 192.168.1.1. I can also ping 192.168.2.1 (other interface on the
router) but I cannot ping any other IPs on the 2.0 network. This
connection is using the GroupVPN SA on the Standard OS Sonicwall. How do I
configure this?
Here's my ipsec.conf config:
config setup

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn net1
    left=my.ip
    leftid=@home
    leftxauthclient=yes
    right=ip.sonicwall (internet)
    rightsubnet=192.168.1.0/24
    rightxauthserver=yes
    rightid=@sonicwall identifier
    <snip auth lines>

conn net2
    left=my.ip
    leftid=@home
    leftxauthclient=yes
    right=ip.sonicwall (internet)
    rightsubnet=192.168.2.0
    rightxauthserver=yes
    rightid=@sonicwall identifier
    <snip auth lines>

I've read through countless mailing lists and Google links and the Openswan
wiki, but I cannot figure out how to get this working. It has to be a
routing issue, but I am still unfamiliar with IPsec, so I am unsure of what to
change.
ANY assistance would be great!!
I would also like to know what, if anything, would need to change for me to
connect this tunnel when my machine (laptop) is behind a firewall, too.