[Openswan Users] virtual subnet possible with klips stack?
Torsten Krah
tkrah at fachschaft.imn.htwk-leipzig.de
Thu Feb 19 13:27:27 EST 2009
Hi.
I did succeed setting my tunnel up, SA stablished. (2.6.28.6 kernel, 2.6.20
klips)
subnet configuration ist:
10.1.7.0/24 -> leftone <-------net -------> rightone <- 192.168.144.0/24
conn myexample
authby=secret
left=MYLEFTIP
leftsubnet=10.1.7.0/24
right=MYRIGHTIP
rightsubnet=192.168.144.0/24
pfs=yes
type=tunnel
Using netkey and racoon i can confirm that it works.
My real network however clash with the one on the other side, so 10.1.7.0/24
does not exist - its a virtual one create via POSTROUTING / PREROUTING nat
roules doing DNAT and SNAT.
I am not able to bring some paket on ipsec0 yet, it seems they are silently
dropped - is there some way i can debug this?
My snat and dnat rules are still there, but no paket does show up on ipsec0
where i expected to see something?
Any hints about this?
Torsten
--
Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge.
Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html
Really, I'm not out to destroy Microsoft. That will just be a
completely unintentional side effect."
-- Linus Torvalds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1996 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090219/5173328f/attachment-0001.bin
More information about the Users
mailing list