[Openswan Users] Possible to move ipsec config to another host?
Jobst Schmalenbach
jobst at barrett.com.au
Mon Dec 20 09:40:58 EST 2010
Thanks, Paul, very much appreciated.
The "left=192.." works with "left=%defaultroute" as well.
However, I had to keep the "leftnexthop=150.101.215.42" as well ... I
can only *imagine* (I don't read much source code these days) that
because of the NAT in the modem
236.X (internet interface) -- 192.168.1.2 (modem port interface) --
192.168.1.1 (ETHX of the ipsec gateway behind modem, DMZ'ed)
Ipsec had no idea how to route this, so specifying the next hop as the
interface of the target machine would have "bridged" the mess of the
modem;-)
But yes, it's working, thank you Paul.
Jobst
On 12/20/2010 03:24 PM, Paul Wouters wrote:
> On Mon, 20 Dec 2010, Jobst Schmalenbach wrote:
>
>> What I did NOT think of is that the OLD network sits on OPTUS where the
>> ETHX card is the PUBLIC IPADDRESS (optus modems run in bridge mode)
>> while the new network sits on a network behind an ADSL router that has
>> a DMZ, so the ETHX card is 192.168.1.1 not 236.40.233.220 (my static
>> IP address provided by the ISP).
>
>> conn yorkstreet-2-barrett
>> left=236.40.233.220
>
> That should be left=192.168.1.1
>
>> leftsourceip=236.40.233.220
>> leftnexthop=150.101.215.42
>
> leave these out.
>
> Paul
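
An added example, not part of the original thread: a pre-migration check that flags any conn pluto cannot orient because neither `left=` nor `right=` is an address bound on the new host (or `%defaultroute`), which is the situation described above after the move behind the NAT modem. The `right=` value and the local address sets are constructed assumptions.

```python
# Added example, not from the thread: flag conns that pluto cannot orient
# because neither end is an address bound on this host.

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def unorientable(conns, local_addrs):
    """Names of conns where neither left= nor right= identifies this host."""
    bad = []
    for name, opts in conns.items():
        if name == "%default":                 # template section, not a tunnel
            continue
        ends = (opts.get("left"), opts.get("right"))
        if not any(e == "%defaultroute" or e in local_addrs for e in ends):
            bad.append(name)
    return bad


# Constructed sample: the conn as quoted in the thread, plus a placeholder
# right= (203.0.113.10 is a documentation address, not the real peer).
OLD_CONF = """\
conn yorkstreet-2-barrett
    left=236.40.233.220
    leftsourceip=236.40.233.220
    leftnexthop=150.101.215.42
    right=203.0.113.10
"""
NEW_HOST_ADDRS = {"192.168.1.1"}  # assumed: ETHX address behind the modem

if __name__ == "__main__":
    print(unorientable(parse_conns(OLD_CONF), NEW_HOST_ADDRS))
```
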