[Openswan Users] Gateways cannot access opposite networks - Openswan NETKEY
Stephen Gregory
openswan at kernelpanic.ca
Fri Aug 6 09:15:48 EDT 2010
On Fri, Aug 06, 2010 at 07:14:44PM +1200, Ryan Davies wrote:
>
> Client A can ping and access Server B and Client B
> Client B can ping and access Server A and Client A
>
> Server A cannot ping or access Server B and Client B
> Server B cannot ping or access Server A and Client A
I think you are just missing a server-to-server conn in ipsec.conf. It
is basically the same as the conn below without the leftsubnet and
rightsubnet directives.
> conn Tunnel-to-Millers
>         type=tunnel
>         auth=esp
>         authby=secret
>         left=a.b.c.d (Server A's Public IP)
>         leftsubnet=192.168.1.0/24
>         right=w.x.y.z (Server B's Public IP)
>         rightsubnet=192.168.0.0/24
>         esp=3des-md5
>         rekey=yes
>         keyingtries=3
>         keyexchange=ike
>         auto=start
I don't think you need the "type=" directive.
Why are you using 3des and md5?
> I'm not sure if it's routing or masquerading or what, when running a
You need to make sure that no IP is masqueraded when the destination
is the other network. OpenSwan should take care of the routing.
--
sg