[Openswan Users] Possible to move ipsec config to another host?

Paul Wouters paul at xelerance.com
Mon Dec 20 13:31:52 EST 2010


On Tue, 21 Dec 2010, Jobst Schmalenbach wrote:

> The "left=192.." works with "left=%defaultroute" as well.
> 
> However, I had to keep the "leftnexthop=150.101.215.42" as well ... I can only imagine (I don't read much source
> code these days) that because of the NAT in the modem

Since 150.101.215.42 cannot be the default gateway of your 192.168.xxxx IP, that makes no sense.

>  236.X (internet interface) -- 192.168.1.2 (modem port interface) -- 192.168.1.1 (ETHX of the ipsec  gateway behind
> modem, DMZ'ed)
> 
> Ipsec had no idea how to route this, so specifying the next hop as the interface of the target machine would have
> "bridged" the mess of the modem;-)

Then it seems to be the nexthop should be 192.168.1.2, not 150.101.215.42.

Paul


More information about the Users mailing list