[Openswan Users] routing problem?
Willie Gillespie
wgillespie+openswan at es2eng.com
Tue Jun 29 16:40:08 EDT 2010
rank jansen wrote:
> Hi folks,
>
> we want to build up a VPN connection between two LANs. Our setup is as
> follows:
>
> 10.11.220.10/32 (other company LAN) --- 80.148.46.1xx (other company
> gateway) ======= 85.214.66.xx (our company gateway)---- 10.29.161.0/24
> (our company LAN)
>
> From a machine in our company LAN e.g. 10.29.161.10 I can't ping or
> access any service on the opposite site at 10.11.220.10.
>
> routing entries also exist:
> at our gateway:
> Kernel-IP-Routentabelle
> Ziel          Router        Genmask          Flags Metric Ref Use Iface
> 85.214.64.1   0.0.0.0       255.255.255.255  UH    0      0   0   eth0
> 10.11.220.10  0.0.0.0       255.255.255.255  UH    0      0   0   eth0
> 10.29.161.0   0.0.0.0       255.255.255.0    U     0      0   0   eth1
> 0.0.0.0       85.214.64.1   0.0.0.0          UG    0      0   0   eth0
>
> at one LAN machine:
> 10.11.220.0   10.29.161.12  255.255.255.0    UG    0      0   0   eth1
> 10.29.161.0   0.0.0.0       255.255.255.0    U     0      0   0   eth1
>
> IPv4 forwarding is enabled on the gateway. If I ping from a LAN machine,
> i can see traffic on the external interface (eth0) at the gateway, but
> it seems to go in the nirvana:

Yes, it kind of looks like a routing problem to me.

First off, is that a typo you have at the top with the "other company
LAN"? You say it's 10.11.220.10/32, which would be a single machine
instead of a LAN.

Anyway, with my setup, Openswan adds the routes for the entire subnet
rather than a single host like you have listed above
(10.11.220.10/255.255.255.255).

Do you mind posting your ipsec.conf?
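
Added example, not part of the original thread: a longest-prefix-match lookup over the two route tables posted above, showing that the LAN machine routes the whole 10.11.220.0/24 to the gateway while the gateway itself only has a host route for 10.11.220.10. The function names are illustrative, and the tables are copied from the post with the header lines dropped.

```python
import ipaddress

# Route tables as posted in the thread (route -n layout, headers dropped).
GATEWAY = """\
85.214.64.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.11.220.10 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.29.161.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 85.214.64.1 0.0.0.0 UG 0 0 0 eth0
"""
LAN_HOST = """\
10.11.220.0 10.29.161.12 255.255.255.0 UG 0 0 0 eth1
10.29.161.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""

def parse_routes(text):
    """Return a list of (network, next_hop, iface) from route -n rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers and blank lines
        dest, gw, mask, iface = f[0], f[1], f[2], f[7]
        net = ipaddress.ip_network(f"{dest}/{mask}")
        next_hop = None if gw == "0.0.0.0" else gw  # 0.0.0.0 = directly attached
        routes.append((net, next_hop, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; None if no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def compare(dst):
    """Show which route each box uses for dst and whether the prefixes agree."""
    gw = lookup(parse_routes(GATEWAY), dst)
    lan = lookup(parse_routes(LAN_HOST), dst)
    same = gw is not None and lan is not None and gw[0] == lan[0]
    return {"gateway": gw, "lan_host": lan, "same_prefix": same}

if __name__ == "__main__":
    for dst in ("10.11.220.10", "10.11.220.11"):
        print(dst, compare(dst))
```

For any other address in 10.11.220.0/24, such as 10.11.220.11, the gateway's table falls through to its default route via 85.214.64.1.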