[Openswan Users] Routing to non open swan networks
Ian Cottee
icottee at bluefountain.com
Mon Apr 20 09:27:19 EDT 2009
I've had an OpenSwan/FreeSwan setup for quite a while. A customer of
ours has a main office in Brussels and a satellite office in France.
We connected the two together and due to history their main office is
running a different version from the other.
On the main office ipsec --version is showing me:
Linux FreeS/WAN U2.04/K(no kernel code presently loaded)
The brussels office shows me
Linux Openswan U2.4.9/K2.6.24-19-server (netkey)
A little bit further along the line the office in Brussels had an
external router connection to Japan put in and they asked us to allow
for the users in France to connect through to it. I managed to get the
VPNs to allow this although it took me a while. By looking at the
configs it appears I duplicated the connection for Brussels to Europe
on both sides and just changed the europe side subnet to be the
Japanese network subnet. Then I did a "route add" on the Belgian
firewall to route traffic to the Japanese router for the Japanese
network. It worked, to my amazement.
Now we have two new offices running Ubuntu Hardy Heron. ipsec version gives me.
Linux Openswan U2.4.9/K2.6.24-19-server (netkey)
For the life of I can't get these new offices to talk to the Japanese
network. The VPN connects, can talk to the Brussels office network but
won't route through to Japan. Firewall rules seem fine, routing rules
seem fine but I'm not even seeing packets attempt to hit the other
side of the vpn. So before pouring out piles of barf and stuff can I
ask a couple of simple questions:
1. Would moving all nodes to the same version make this easier?
2. Is what I am trying to do documented specifically somewhere.
I've been through loads of docs. The closest I've found has been
http://wiki.openswan.org/index.php/Openswan/MultipleTunnelsBetweenTheSameTwoGateways
I can't get it to work but it would be helpful to know that is
basically what I'm trying to replicate.
Any advice gratefully received - and if necessary I'll do a full list
of the configs but would like to try and make some headway myself.
Ian
More information about the Users
mailing list