[Openswan Users] VPN one way encryption
Bram H
groenblik at gmail.com
Tue Apr 21 00:51:13 EDT 2009
Ok, I will clearify the the setup. I have an UMTS modem, which will receive
a new IP adres every 24 hours. This modem is connected to a gateway machine.
Berhind the gateway machine there are 2 other PC's. The gateway has IP
addres 10.0.1.1, de PC's have 10.0.1.10 and 10.0.1.11. For both PC's the
default gateway is 10.0.1.1. Besides that, I have one central machine where
the roadwarrior network should connect to.
>From the central server I can ping to 10.0.1.11 for example, I see esp
packages when using tcpdump. when I ping from 10.0.1.1 to the central
server, I see plain ICMP packages.
The default gateway on the roadwarrior gateway is set to the gateway of the
provider.
Bram
On Tue, Apr 21, 2009 at 2:07 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 20 Apr 2009, Bram H wrote:
>
> I have a sort of working roadwarrior setup. I used
>> http://www.natecarlson.com/linux/ipsec-x509.php to get it working (a few
>> errors in the
>> document). My roadwarrior consists of multiple PC's in a network, the
>> gateway on that network connects to a central server. Both gateway
>> and server are running openswan. So it must be possible to access the
>> server from the pc's in the roadwarrior network and to access all of
>> the PC's from the server.
>>
>
> Not sure I understand the setup.....
>
> Well, it works one way. I can connect to all of the client PC's from the
>> server. With TCPDUMP I see esp packages traveling trough the
>> network. But when I ping the server from one of the clients the traffic is
>> just plain, it used the normal internet connection and not the
>> tunnel.
>>
>
> If the clients are using a default gateway that is not the openswan box,
> then
> you would see this. You would either need to add a route on the gateway to
> the openswan box, or add a route on the clients to the openswan box.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090421/34bde264/attachment-0001.html
More information about the Users
mailing list