[Openswan Users] Cannot see opposite subnet from VPN server
Peter McGill
petermcgill at goco.net
Thu May 15 15:59:09 EDT 2008
Arjun,
Assuming:
conn ...
    leftsubnet=10.243.102.0/24
    rightsubnet=10.249.100.0/24
Then add:
    leftsourceip=10.243.102.230
    rightsourceip=10.249.100.20
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
________________________________
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Arjun Datta
Sent: May 15, 2008 3:24 PM
To: users at openswan.org
Subject: [Openswan Users] Cannot see opposite subnet from VPN server
Hi,
I have a VPN tunnel established between two subnets:
10.243.102.x - the vpn server is 10.243.102.230 - 2.6.22.9-61.fc6, Linux Openswan U2.4.5/K2.6.22.9-61.fc6 (netkey)
10.249.100.x - the vpn server is 10.249.100.20 - 2.6.23.15-80.fc7, Linux Openswan U2.4.7/K2.6.23.15-80.fc7 (netkey)
I find that:
I cannot ping anything in the 10.243.102.x subnet from the 10.249.100.20 machine itself
I can, obviously, ping anything in the 10.243.102.x subnet from any other machine in the 10.249.100.x subnet.
I can ping 10.249.100.20 from any machine in the 10.243.102.x subnet.
The converse is also true:
I cannot ping anything in the 10.249.100.x subnet from the 10.243.102.230 machine itself
I can, obviously, ping anything in the 10.249.100.x subnet from any other machine in the 10.243.102.x subnet.
I can ping 10.243.102.230 from any machine in the 10.249.100.x subnet.
I know that one cannot ping the actual vpn server(s) themselves, so the above would be normal.
But, it also appears the VPN servers themselves cannot see anything in the opposite subnet. Is there a way around this?
I need to pull something from one machine in the 10.243.102.x subnet onto the 10.249.100.20 machine.
--
Regards,
Arjun Datta
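
Why the sourceip settings suggested in the reply change the behaviour, as an added example that is not part of the original thread: a simplified Python model of the netkey policy match for packets leaving the left gateway. The public address 192.0.2.10 and the LAN host 10.243.102.15 are constructed values, since the thread shows neither.

```python
import ipaddress

# Tunnel selectors taken from the thread (leftsubnet / rightsubnet).
LEFT_SUBNET = ipaddress.ip_network("10.243.102.0/24")
RIGHT_SUBNET = ipaddress.ip_network("10.249.100.0/24")

# Constructed value: the thread never shows the gateways' public addresses,
# so a documentation address (RFC 5737) stands in for the left one.
LEFT_PUBLIC_IP = ipaddress.ip_address("192.0.2.10")
LEFT_INTERNAL_IP = ipaddress.ip_address("10.243.102.230")  # from the thread


def matches_tunnel_policy(src, dst):
    """True if an outbound packet falls under the left->right IPsec policy."""
    return src in LEFT_SUBNET and dst in RIGHT_SUBNET


def gateway_source(sourceip=None):
    """Simplified source selection for packets the gateway itself originates.

    Without a source hint the kernel uses the address of the interface the
    route leaves through (the public one). With leftsourceip set, the route
    to the remote subnet carries that address as the preferred source.
    """
    return sourceip if sourceip is not None else LEFT_PUBLIC_IP


def outcome(src, dst):
    """Describe what happens to a packet with this source and destination."""
    if matches_tunnel_policy(src, dst):
        return "encrypted via tunnel"
    return "no policy match, not tunneled"


def run_cases():
    dst = ipaddress.ip_address("10.249.100.20")  # remote gateway, from the thread
    lan_host = ipaddress.ip_address("10.243.102.15")  # constructed LAN host
    return {
        "lan host": outcome(lan_host, dst),
        "gateway, no sourceip": outcome(gateway_source(), dst),
        "gateway, leftsourceip": outcome(gateway_source(LEFT_INTERNAL_IP), dst),
    }


if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case:24s} -> {result}")
```

The middle case is the one to watch for on a real gateway: traffic that misses the policy is not protected by the tunnel, so confirm the source address of gateway-originated packets after changing the configuration.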