[Openswan Users] Possible to move ipsec config to another host?
Paul Wouters
paul at xelerance.com
Mon Dec 20 13:31:52 EST 2010
On Tue, 21 Dec 2010, Jobst Schmalenbach wrote:
> The "left=192.." works with "left=%defaultroute" as well.
>
> However, I had to keep the "leftnexthop=150.101.215.42" as well ... I can only imagine (I don't read much source
> code these days) that because of the NAT in the modem
Since 150.101.215.42 cannot be the default gateway of your 192.168.xxxx IP, that makes no sense.
> 236.X (internet interface) -- 192.168.1.2 (modem port interface) -- 192.168.1.1 (ETHX of the ipsec gateway behind
> modem, DMZ'ed)
>
> Ipsec had no idea how to route this, so specifying the next hop as the interface of the target machine would have
> "bridged" the mess of the modem;-)
Then it seems to be the nexthop should be 192.168.1.2, not 150.101.215.42.
Paul
More information about the Users
mailing list