[Openswan Users] Host to Host/Subnet tunnelling "error".

assiduus at poczta.internetdsl.pl
Thu Jan 10 15:35:32 EST 2008


Hello.

I'm trying to make openswan work in the following situation:

FirstUbuntu (Ubuntu 7.10 LIVE)  <-> Server (Gentoo 2007.1) <->
SecondUbuntu (Ubuntu 7.10 LIVE)

FirstUbuntu: eth0 10.1.1.2/29 default gw 10.1.1.1
Server: eth0 10.1.1.1/29, eth1 10.2.2.1/29, default gw 10.1.1.2
SecondUbuntu: eth0 10.2.2.2/29 default gw 10.2.2.1

conn FirstUbuntu-SecondUbuntu
	rightsubnet=10.2.2.0/29
	also=Laptop-Server

conn FirstUbuntu-Server
	left=10.1.1.2
	right=10.1.1.1
	(RSA keys for both ends)
	auto=start

FirstUbuntu: 2.6.22.14 (default), Openswan 2.4.6 (package)
Server: 2.6.22.15, Openswan 2.4.11 (both installed manually)
Both use NETKEY

I imagined that through this configuration I would be able to reflect a
real-life situation with two servers (FirstUbuntu and Server) in which the
first server would have an encrypted connection to both the second server
and its directly connected subnet. While the host-to-host scenario
worked fine in both directions, the second scenario did not. I could only
use the host-to-subnet tunnel in one direction (SecondUbuntu to
FirstUbuntu). When I tried to ping SecondUbuntu from the first one, the
packets were not encrypted. Before I send any further pieces of
information (logs, etc.) I'd like to ask if there is maybe something
fundamentally wrong with what I've just written, so I won't waste your/my
time, and fix what needs to be fixed. ;)

P.S. I'd read the appropriate chapters from "Building and Integrating
Virtual Private Networks with Openswan" before I configured the aforesaid
LAN (which certainly isn't a sophisticated one;) so I guess I messed
things up somewhere in the middle.

Cheers,

-- 
assiduus
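The symptom above (pings from FirstUbuntu to SecondUbuntu leave unencrypted while the reverse direction works) is, on a NETKEY stack, a question of what the kernel's security policy database contains: Openswan installs one xfrm policy per direction for each conn it brings up, and any packet whose selector matches no "dir out" policy is simply routed in the clear. The script below is an added example, not code from the post or from Openswan. It checks the SPD for an outbound policy covering a given src/dst pair. The policy listing it ships with is constructed to resemble `ip xfrm policy show` output for this scenario (host-to-host in both directions, host-to-subnet present only inbound) and is not captured from the poster's hosts; on a real box, drop the last argument and the functions read the live SPD via iproute2's `ip xfrm`, which the 2.6.22 kernels named above support. One thing worth checking alongside it: the posted snippet has `also=Laptop-Server` while the host-to-host conn is named `FirstUbuntu-Server`; whether that is a paste artifact or the real file, `ipsec auto --status` will show which conns (and which subnets) pluto actually loaded.

```shell
#!/bin/sh
# Added example (not from the post): check the NETKEY/xfrm security policy
# database for an outbound policy covering a given selector. Openswan on
# NETKEY installs one SPD entry per direction; if no "dir out" entry matches
# src 10.1.1.2 -> dst 10.2.2.0/29, the kernel routes those packets in the
# clear, which is the symptom reported above.
#
# The listing below is constructed to look like `ip xfrm policy show` output
# for the scenario in the post (host-to-host up both ways, host-to-subnet
# only present inbound). It is not captured from the poster's hosts.
SAMPLE_POLICY='src 10.1.1.2/32 dst 10.1.1.1/32
	dir out priority 2344
	tmpl src 10.1.1.2 dst 10.1.1.1
		proto esp reqid 16389 mode tunnel
src 10.1.1.1/32 dst 10.1.1.2/32
	dir in priority 2344
	tmpl src 10.1.1.1 dst 10.1.1.2
		proto esp reqid 16389 mode tunnel
src 10.2.2.0/29 dst 10.1.1.2/32
	dir in priority 2344
	tmpl src 10.1.1.1 dst 10.1.1.2
		proto esp reqid 16385 mode tunnel'

# has_policy SRC DST DIR [POLICY_TEXT]
# Returns 0 if a policy with selector SRC -> DST in direction DIR exists.
# Without a fourth argument it reads the live kernel SPD via `ip xfrm`.
has_policy() {
    hp_src=$1; hp_dst=$2; hp_dir=$3
    if [ $# -ge 4 ]; then hp_text=$4; else hp_text=$(ip xfrm policy show); fi
    printf '%s\n' "$hp_text" | awk -v s="$hp_src" -v d="$hp_dst" -v w="$hp_dir" '
        # selector line "src A dst B": remember it for the "dir" line that follows
        $1 == "src" { cur_src = $2; cur_dst = $4; next }
        # direction line "dir out priority N ..." (indented; awk drops the tab)
        $1 == "dir" && $2 == w && cur_src == s && cur_dst == d { found = 1 }
        END { exit found ? 0 : 1 }'
}

# report_selector SRC DST [POLICY_TEXT]
# Prints a verdict for the outbound (SRC -> DST) and inbound (DST -> SRC)
# policies and returns 0 only if both exist.
report_selector() {
    rs_ok=0
    for rs_dir in out in; do
        if [ "$rs_dir" = out ]; then rs_s=$1; rs_d=$2; else rs_s=$2; rs_d=$1; fi
        if has_policy "$rs_s" "$rs_d" "$rs_dir" ${3+"$3"}; then
            echo "$rs_s -> $rs_d dir $rs_dir: protected by IPsec policy"
        else
            echo "$rs_s -> $rs_d dir $rs_dir: NO POLICY (traffic leaves in the clear)"
            rs_ok=1
        fi
    done
    return $rs_ok
}

# Usage on the constructed listing; on a real host drop the last argument.
# "|| true" keeps a missing policy from aborting a script run under set -e.
report_selector 10.1.1.2/32 10.1.1.1/32 "$SAMPLE_POLICY" || true
report_selector 10.1.1.2/32 10.2.2.0/29 "$SAMPLE_POLICY" || true
```

Run on FirstUbuntu with the live SPD, the second call is the one that matters: if it reports "NO POLICY" for `10.1.1.2/32 -> 10.2.2.0/29 dir out` while `ipsec auto --status` shows the host-to-subnet conn as established, the right end's `rightsubnet` never made it into the kernel, which is what unencrypted pings in one direction look like from the outside. A plain `ip xfrm state` listing alongside it shows whether SAs exist for the reqid the policy references.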


