[Openswan Users] Fedora 8 and Netscreen
Michael Lavallee
mlavalle at hotmail.com
Thu May 8 14:43:27 EDT 2008
Peter McGill wrote:
> However, the subnet definitions you're using only route traffic
> between two computers (192.168.3.1 and 192.127.220.100) through the tunnel.
> All other traffic will use the internet without encryption.
> You need to run the traceroute and telnet from your 192.168.3.1 machine.
> And you can only communicate with 192.127.220.100 on the remote end, nothing else.
> If 192.168.3.1 is also the computer which runs openswan then add this:
> leftsourceip=192.168.3.1
> Otherwise linux will default to the internet address as the source and it won't go
> through the tunnel.
>
192.168.3.1 is the computer that runs openswan, so I added the
leftsourceip and restarted the service and the tunnel came back up
okay. From that box (192.168.3.1) I tried to telnet to the other side
(192.127.220.100) but it failed, so I ran a traceroute, and it still
shows the traffic going outside the tunnel, which, from what I think I
know, is wrong.
traceroute to 192.127.220.100 (192.127.220.100), 30 hops max, 40 byte packets
1 nrba-dsl.onlink.net (209.105.204.1) 28.219 ms 28.181 ms 29.970 ms
2 10.127.2.1 (10.127.2.1) 32.134 ms 34.034 ms 37.471 ms
3 10.127.0.22 (10.127.0.22) 37.885 ms 39.817 ms 41.228 ms
4 sdbrem02.ontera.ca (209.105.192.217) 42.153 ms * *
5 * * *
I have the ipsec_barf; I wasn't sure if it was appropriate to post it
here (message size), so I stuck it up at
http://www.stellarimagination.com/ipsec_barf.txt
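
Added example, not part of the original message or of Openswan: the host-to-host selector behaviour Peter McGill describes, checked in Python against a constructed listing in the format printed by `ip xfrm policy`. It assumes the NETKEY stack; the tunnel endpoint addresses 203.0.113.10 and 198.51.100.20 are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format printed by `ip xfrm policy`.
# 203.0.113.10 / 198.51.100.20 are placeholder tunnel endpoints (assumption).
SAMPLE_XFRM_POLICY = """\
src 192.168.3.1/32 dst 192.127.220.100/32
    dir out priority 2080 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
src 192.127.220.100/32 dst 192.168.3.1/32
    dir in priority 2080 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented direction line

def outbound_selectors(policy_text):
    """Return (src_net, dst_net) for every 'dir out' policy in the listing."""
    selectors, pending = [], None
    for line in policy_text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            pending = tuple(ipaddress.ip_network(x) for x in sel.groups())
            continue
        direction = DIRECTION.match(line)
        if direction and pending:
            if direction.group(1) == "out":
                selectors.append(pending)
            pending = None
    return selectors

def uses_tunnel(src, dst, selectors):
    """True only if source AND destination both fall inside one selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in selectors)

if __name__ == "__main__":
    sels = outbound_selectors(SAMPLE_XFRM_POLICY)
    # Same destination, two candidate source addresses: the one set by
    # leftsourceip, and the placeholder internet-facing address.
    for src in ("192.168.3.1", "203.0.113.10"):
        hit = uses_tunnel(src, "192.127.220.100", sels)
        print(f"{src} -> 192.127.220.100:",
              "matches tunnel policy" if hit else "no policy match, sent unencrypted")
```
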