[Openswan Users] Cannot see opposite subnet from VPN server

Matthew Hall matt at castleinthesky.org
Fri May 16 15:09:09 EDT 2008


Paul Wouters wrote:
> On Thu, 15 May 2008, Matthew Hall wrote:
> 
>>> I know that one cannot ping the actual vpn server(s) themselves, so the
>>> above would be normal.
>>> But, it also appears the VPN servers themselves cannot see anything in
>>> the opposite subnet.  Is there a way around this ?
>>>
>>> I need to pull something from one machine in the 10.243.102.x subnet
>>> onto the 10.249.100.20 machine.
>> This will be because when it's pinging the other side, the source
>> address is not in the local range provided by the vpn - ie. its source
>> address will be whatever the IP is of the interface with your default
>> gateway, so it doesn't get routed over the vpn.
>>
>> If you bind the ping to its 'inside' interface it should work - ie.
>> ping 10.243.102.x -I 10.249.100.20.
>>
>> You can work around this by setting the 'defaultsource' for pluto; on
> 
> A better way is to specify leftsourceip= and rightsourceip= in the conn.
> Setting it globally would limit you to do this only on one conn.

I didn't know that existed - makes my life easier :)

Thanks Paul.

Matt
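
The per-connection setting Paul describes, sketched as an added ipsec.conf fragment (not taken from the thread or from the poster's configuration). The connection name, the public addresses, the /24 masks and the remote gateway's inside address are assumptions; only 10.249.100.20 and the 10.243.102.x range come from the messages above.

```conf
# Constructed example, not the poster's real configuration.
#
# Assumptions:
#   - "site-to-site" is a hypothetical connection name
#   - 192.0.2.10 and 198.51.100.20 are documentation-range placeholders
#     for the two gateways' public addresses
#   - both protected networks are assumed to be /24
#   - 10.243.102.1 is a placeholder for the remote gateway's inside address
#
# Without leftsourceip=, packets the gateway itself originates leave with the
# address of the interface that holds the default route (192.0.2.10 here).
# That source is outside leftsubnet, so the packets do not match the tunnel
# policy and are not sent over the VPN.
#
# With leftsourceip=, traffic from the gateway to rightsubnet is sourced from
# 10.249.100.20, which is inside leftsubnet and therefore matches the tunnel.
# The address must already be configured on one of the gateway's interfaces.
#
# Setting this per conn, rather than globally, lets each tunnel on the same
# gateway use its own inside address.

conn site-to-site
    left=192.0.2.10
    leftsubnet=10.249.100.0/24
    leftsourceip=10.249.100.20
    right=198.51.100.20
    rightsubnet=10.243.102.0/24
    rightsourceip=10.243.102.1
    authby=secret
    auto=start
```

Once the connection is reloaded, a ping from the gateway to a host in the remote subnet should work without the -I option used earlier in the thread.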

