[Openswan Users] Cannot see opposite subnet from VPN server

Paul Wouters paul at xelerance.com
Fri May 16 09:52:17 EDT 2008


On Thu, 15 May 2008, Matthew Hall wrote:

> > I know that one cannot ping the actual vpn server(s) themselves, so the
> > above would be normal.
> > But, it also appears the VPN servers themselves cannot see anything in
> > the opposite subnet.  Is there a way around this ?
> >
> > I need to pull something from one machine in the 10.243.102.x subnet
> > onto the 10.249.100.20 machine.
>
> This will be because when it's pinging the other side, the source
> address is not in the local range provided by the vpn - i.e. its source
> address will be whatever the IP is of the interface with your default
> gateway, so it doesn't get routed over the vpn.
>
> If you bind the ping to its 'inside' interface it should work - i.e.
> ping 10.243.102.x -I 10.249.100.20.
>
> You can work around this by setting the 'defaultsource' for pluto; on

A better way is to specify leftsourceip= and rightsourceip= in the conn.
Setting it globally would limit you to doing this only on one conn.

Paul
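
A conn using the per-connection source addresses suggested above, as an added example that is not part of the original message or of the posters' configuration. The conn name, the public addresses (documentation ranges), the /24 masks, the 10.243.102.1 gateway address and authby=secret are assumptions; only 10.249.100.20 and the 10.243.102.x subnet come from the thread.

```conf
# /etc/ipsec.conf fragment (constructed example, values are placeholders)
conn site-to-site                  # hypothetical conn name
    # Local gateway: the VPN server whose inside address is 10.249.100.20
    left=192.0.2.10                # placeholder public address
    leftsubnet=10.249.100.0/24     # assumed mask
    # Source address this gateway uses for its own traffic into the tunnel.
    # It must be an address inside leftsubnet so the packets match the
    # tunnel's selectors instead of leaving with the public address.
    leftsourceip=10.249.100.20

    # Remote gateway in front of the 10.243.102.x subnet
    right=198.51.100.20            # placeholder public address
    rightsubnet=10.243.102.0/24    # assumed mask
    # Same idea for the other end, so one conn definition serves both
    # gateways; each side only acts on its own *sourceip value.
    rightsourceip=10.243.102.1     # placeholder inside address

    authby=secret                  # assumption; keep whatever the conn already uses
    auto=start
```

Once the conn is reloaded on the 10.249.100.20 gateway, a ping to 10.243.102.x should pick the inside address as its source without needing -I.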

