[Openswan Users] Not able to ping other subnet
Dennis van der Meer
dennisvandermeer at greenchem-adblue.com
Fri Mar 19 04:40:42 EDT 2010
I have the following situation:
We have several sales offices that connect to our head office via an ipsec connection, which is established by a Draytek router. On our server side we have a Linux server running with openswan (Linux Openswan U2.6.20/K188.8.131.52-smp (netkey)).
Our head office internal network range is 192.168.2.x/24 and our sales offices are in the range of 10.0.x.0/24. So, e.g.:
Remote office LAN 1 <-> Draytek router (10.0.2.1) <-> [ipsec tunnel] <-> Linux server (ext. ip: a.b.c.d) <-> Head office LAN
The remote offices are for the most part connected to the internet with a dynamic ip address (roadwarrior) and so I have used an ID to keep them apart.
My ipsec.conf file is as follows:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
# Manual: ipsec.conf.5
version 2.0                        # conforms to second version of ipsec.conf specification

# basic configuration
conn RemoteOffice1                 # conn name assumed; the post only shows the settings below
        left=a.b.c.d               # external ip of the Linux server
        leftsourceip=192.168.2.3   # internal LAN address of the Linux server
        leftsubnet=192.168.2.0/24  # internal subnet on the head office side
        right=%any                 # other side uses a dynamic ip, so %any is required here
        rightsourceip=10.0.2.1     # local ip address of the Draytek router on the other side
        rightsubnet=10.0.2.0/24    # local subnet of remote office 1
        rightid=@RemoteOffice1     # ID for the office, to identify which tunnel to use
And there are more offices configured in the file but they are much the same, except for the subnet.
The Draytek routers can connect without any problem and I can ping the remote subnets from the Linux server.
I can also ping the remote computers in the remote offices from the Head
It is however not possible to ping a system in Remote Office 2 from Remote Office 1, e.g. in Remote Office 1: ping 10.0.3.1
After using a "tcpdump -n icmp" I saw that traffic is going from the computer in Remote Office 1 to the Linux server, but from there it doesn't travel to Remote Office 2.
How will I be able to access services in Remote Office 2 from Remote Office 1 (e.g. ping or access to a web server)?
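An added illustration (not part of the post and not Openswan code) of why the relayed ping stops at the hub. With netkey, every packet is matched against the policies that the conns define, one policy per (leftsubnet, rightsubnet) pair. The post's config gives each office a policy that pairs only 192.168.2.0/24 with that office's LAN, so a packet from 10.0.2.x to 10.0.3.x matches neither the inbound policy of the office 1 tunnel (after decryption) nor any outbound policy toward office 2. The model below compares that config with an assumed variant in which each office's conn also carries the other office's subnet on the hub side (in ipsec.conf this is either extra subnet pairs in a conn or one conn per pair; the Draytek side needs the matching policies too). The conn names, hosts and subnet lists are constructed for the example.

```python
# Added example: model of IPsec policy selection on a hub-and-spoke Openswan hub.
from ipaddress import ip_address, ip_network

# Constructed from the head-office settings in the post: one conn per office,
# each pairing the head-office LAN with that office's LAN only.
HUB_CONNS_ORIGINAL = {
    "RemoteOffice1": {"leftsubnets": ["192.168.2.0/24"], "rightsubnet": "10.0.2.0/24"},
    "RemoteOffice2": {"leftsubnets": ["192.168.2.0/24"], "rightsubnet": "10.0.3.0/24"},
}

# Assumed variant (not in the post): each office's conn also lists the other
# office's subnet on the hub side, so a spoke-to-spoke packet is covered on the
# way in (office 1 tunnel) and on the way out (office 2 tunnel).
HUB_CONNS_MESHED = {
    "RemoteOffice1": {"leftsubnets": ["192.168.2.0/24", "10.0.3.0/24"], "rightsubnet": "10.0.2.0/24"},
    "RemoteOffice2": {"leftsubnets": ["192.168.2.0/24", "10.0.2.0/24"], "rightsubnet": "10.0.3.0/24"},
}


def expand_policies(conns):
    """Flatten conns into (conn_name, hub_side_net, remote_net) policy pairs."""
    policies = []
    for name, conn in conns.items():
        remote = ip_network(conn["rightsubnet"])
        for local in conn["leftsubnets"]:
            policies.append((name, ip_network(local), remote))
    return policies


def inbound_policy_ok(conns, arrived_via, src, dst):
    """A packet decrypted on tunnel `arrived_via` must match one of that conn's
    policies (src in the remote net, dst in a hub-side net); otherwise the
    kernel discards it as a policy mismatch."""
    s, d = ip_address(src), ip_address(dst)
    return any(name == arrived_via and s in remote and d in local
               for name, local, remote in expand_policies(conns))


def outbound_policy(conns, src, dst):
    """Name of the tunnel that would carry a packet forwarded from src to dst,
    or None when no policy covers it (the packet then never enters a tunnel)."""
    s, d = ip_address(src), ip_address(dst)
    for name, local, remote in expand_policies(conns):
        if s in local and d in remote:
            return name
    return None


def trace(conns, arrived_via, src, dst):
    """Both checks in order for a spoke-to-spoke packet relayed through the hub."""
    if not inbound_policy_ok(conns, arrived_via, src, dst):
        return "dropped: inbound policy mismatch on " + arrived_via
    out = outbound_policy(conns, src, dst)
    if out is None:
        return "dropped: no outbound policy"
    return "forwarded via " + out


if __name__ == "__main__":
    for label, conns in (("original", HUB_CONNS_ORIGINAL), ("meshed", HUB_CONNS_MESHED)):
        # Head office -> office 2 works in both configs; office 1 -> office 2 only when meshed.
        print(label, "LAN -> RO2:", outbound_policy(conns, "192.168.2.10", "10.0.3.1"))
        print(label, "RO1 -> RO2:", trace(conns, "RemoteOffice1", "10.0.2.5", "10.0.3.1"))
```

Running it shows the head-office LAN reaching office 2 under both configs, while the office 1 to office 2 ping is discarded at the inbound check with the original policies and is carried out through the office 2 tunnel only with the meshed ones. The same pairing has to exist on each Draytek, or the remote router will not send the packet into its tunnel in the first place.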