[Openswan Users] Fedora 8 and Netscreen
mlavalle at hotmail.com
Thu May 8 14:43:27 EDT 2008
Peter McGill wrote:
> However, the subnet definitions you're using only route traffic
> between two computers (192.168.3.1 and 220.127.116.11) through the tunnel.
> All other traffic will use the internet without encryption.
> You need to run the traceroute and telnet from your 192.168.3.1 machine.
> And you can only communicate with 18.104.22.168 on the remote end, nothing else.
> If 192.168.3.1 is also the computer which runs openswan then add this:
> Otherwise linux will default to the internet address as the source and it won't go
> through the tunnel.
192.168.3.1 is the computer that runs openswan, so I added the
leftsourceip and restarted the service and the tunnel came back up
okay. From that box (192.168.3.1) I tried to telnet to the other side
(22.214.171.124) but it failed, so I ran a traceroute, and it still
shows the traffic going outside the tunnel, which from what I think I
know, is wrong.
traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 40 byte
1 nrba-dsl.onlink.net (184.108.40.206) 28.219 ms 28.181 ms 29.970 ms
2 10.127.2.1 (10.127.2.1) 32.134 ms 34.034 ms 37.471 ms
3 10.127.0.22 (10.127.0.22) 37.885 ms 39.817 ms 41.228 ms
4 sdbrem02.ontera.ca (220.127.116.11) 42.153 ms * *
5 * * *
I have the ipsec_barf. I wasn't sure if it was appropriate to post it
here (message size), so I stuck it up at
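Added example, not part of the original message or of Openswan: a simplified model of the selector matching Peter describes, showing why traffic generated on the gateway itself misses a host-to-host policy unless its source address is the one named in leftsourceip. The public address, the remote host address and the policy name are constructed values from documentation ranges; only 192.168.3.1 comes from the thread.

```python
import ipaddress

# Constructed sample values (documentation ranges), except 192.168.3.1,
# which the thread names as the Openswan box.
PUBLIC_IP = "203.0.113.10"      # assumed address of the gateway's internet interface
INSIDE_IP = "192.168.3.1"       # value given to leftsourceip
REMOTE_HOST = "198.51.100.20"   # assumed single host behind the Netscreen

# One host-to-host policy, as produced by /32 leftsubnet and rightsubnet definitions.
POLICIES = [("netscreen", "192.168.3.1/32", "198.51.100.20/32")]


def pick_source(dst, leftsourceip=None):
    """Source address for traffic generated on the gateway itself.

    Without leftsourceip the address of the outgoing (internet) interface is
    used; with it, traffic to the remote selector is sourced from leftsourceip.
    """
    d = ipaddress.ip_address(dst)
    for _, _, remote in POLICIES:
        if leftsourceip and d in ipaddress.ip_network(remote):
            return leftsourceip
    return PUBLIC_IP


def match_policy(src, dst):
    """Return the name of the policy whose selectors cover (src, dst), else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, local, remote in POLICIES:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return name
    return None


def path(dst, leftsourceip=None):
    """Return (source address chosen, 'tunnel:<policy>' or 'cleartext')."""
    src = pick_source(dst, leftsourceip)
    policy = match_policy(src, dst)
    return src, ("tunnel:" + policy if policy else "cleartext")


if __name__ == "__main__":
    cases = [(REMOTE_HOST, None), (REMOTE_HOST, INSIDE_IP), ("198.51.100.21", INSIDE_IP)]
    for dst, lsi in cases:
        print(f"dst={dst} leftsourceip={lsi} -> {path(dst, lsi)}")
```

On a real gateway the equivalent check is to compare the source address the kernel picks for the remote host against the installed IPsec policy selectors.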