[Openswan Users] Host to Host/Subnet tunnelling "error".

assiduus at poczta.internetdsl.pl assiduus at poczta.internetdsl.pl
Thu Jan 10 15:35:32 EST 2008


I'm trying to make openswan work in the following situation:

FirstUbuntu (Ubuntu 7.10 LIVE)  <-> Server (Gentoo 2007.1) <->
SecondUbuntu (Ubuntu 7.10 LIVE)

FirstUbuntu: eth0 default gw
Server: eth0, eth1, default gw
SecondUbuntu: eth0 default gw

conn FirstUbuntu-SecondUbuntu

conn FirstUbuntu-Server
	(RSA keys for both ends)

FirstUbuntu: (default), Openswan 2.4.6 (package)
Server:, Openswan 2.4.11 (both installed manually)
Both use NETKEY

I imagined that through this configuration I would be able to reflect a
real-life situation with two servers (FirstUbuntu and Server) in which the
first server would have an encrypted connection to both the second server
and its directly connected subnet. While the host-to-host scenario
worked fine in both directions, the second scenario did not. I could only
use the host to subnet tunnel in one direction (SecondUbuntu to
FirstUbuntu). When I tried to ping the SecondUbuntu from the First one the
packets were not encrypted. Before I send any further pieces of
information (logs, etc.) I'd like to ask if there is maybe something
fundamentally wrong with what I've just written so I won't waste your/my
time and fix what needs to be fixed. ;)

P.S. I'd read the appropriate chapters from "Building and Integrating
Virtual Private Networks with Openswan" before I configured the aforesaid
LAN (which certainly isn't a sophisticated one;) so I guess I messed
things up somewhere in the middle.


