[Openswan Users] Possible to move ipsec config to another host?
jobst at barrett.com.au
Mon Dec 20 09:40:58 EST 2010
Thanks, Paul, very much appreciated.
The "left=192.." works with "left=%defaultroute" as well.
However, I had to keep the "leftnexthop=22.214.171.124" as well ... I
can only *imagine *(I don't read much source code these days) that
because of the NAT in the modem
236.X (internet interface) -- 192.168.1.2 (modem port interface) --
192.168.1.1 (ETHX of the ipsec gateway behind modem, DMZ'ed)
Ipsec had no idea how to route this, so specifying the next hop as the
interface of the target machine would have "bridged" the mess of the
But yes, its working, thank you Paul.
On 12/20/2010 03:24 PM, Paul Wouters wrote:
> On Mon, 20 Dec 2010, Jobst Schmalenbach wrote:
>> What I did NOT think of that the OLD network sits on OPTUS where the
>> ETHX card is the PUBLIC IPADDRESS (optus modems run in bridge mode)
>> while the new network sits on a network behind a ADSL router that has
>> a DMZ, so the ETHX card is 192.168.1.1 not 126.96.36.199 (my static
>> IP address provided by the ISP).
>> conn yorkstreet-2-barrett
> That should be left=192.168.1.1
> leave these out.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users