[Openswan Users] routing problem?
Frank Jansen
jansen at fumarium.de
Wed Jun 30 04:14:08 EDT 2010
Yes, only a single machine in the other company's LAN is reachable.
My ipsec.conf: http://pastie.org/1024716
On 29.06.2010 22:40, Willie Gillespie wrote:
> Frank Jansen wrote:
>> Hi folks,
>>
>> we want to build up a VPN connection between two LANs. Our setup is
>> as follows:
>>
>> 10.11.220.10/32 (other company LAN) --- 80.148.46.1xx (other company
>> gateway) ======= 85.214.66.xx (our company gateway)----
>> 10.29.161.0/24 (our company LAN)
>>
>> From a machine in our company LAN, e.g. 10.29.161.10, I can't ping or
>> access any service on the opposite site at 10.11.220.10.
>>
>> Routing entries also exist:
>> at our gateway:
>> Kernel-IP-Routentabelle
>> Ziel            Router          Genmask         Flags Metric Ref Use Iface
>> 85.214.64.1     0.0.0.0         255.255.255.255 UH    0      0   0   eth0
>> 10.11.220.10    0.0.0.0         255.255.255.255 UH    0      0   0   eth0
>> 10.29.161.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
>> 0.0.0.0         85.214.64.1     0.0.0.0         UG    0      0   0   eth0
>>
>> at one LAN machine:
>> 10.11.220.0     10.29.161.12    255.255.255.0   UG    0      0   0   eth1
>> 10.29.161.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
>>
>> IPv4 forwarding is enabled on the gateway. If I ping from a LAN
>> machine, I can see traffic on the external interface (eth0) at the
>> gateway, but it seems to go in the nirvana:
>
> Yes, it kind of looks like a routing problem to me.
> First off, is that a typo you have at the top with the "other company
> LAN"? You say it's 10.11.220.10/32, which would be a single machine
> instead of a LAN.
>
> Anyway, with my setup, Openswan adds the routes for the entire subnet
> rather than a single host like you have listed above
> (10.11.220.10/255.255.255.255).
>
> Do you mind posting your ipsec.conf?