[Openswan Users] leftsubnet 0.0.0.0/0
proxy06 at gmail.com
Thu Sep 1 15:00:08 EDT 2011
In essence, I want to establish single IPsec tunnel between two
computers which both have static IP addresses 18.104.22.168 FIRST and
I would like the SECOND to route all it's traffic through the FIRST
via IPsec tunnel. This way it would appear as if all the traffic is
originating from the FIRST computer.
I've read about extruded subnets which seems to be a solution but I
would like not to "extrude" any IPs from my FIRST machine.
On Thu, Sep 1, 2011 at 8:33 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 1 Sep 2011, James Taylor wrote:
>> I am trying to implement the following configuration:
>> 000 "LS-NET-PSK":
>> unrouted; eroute owner: #0
>> ... which means that my VPN server (22.214.171.124) is configured to
>> accept connections from any client and that the left private subnet is
>> the whole Internet.
>> I want all client machines, once connected, to send all their traffic
>> through VPN server.
>> Configuration file looks as follows:
>> conn LS-NET-PSK
> Does this connection even load? how should this end know if it is "left" or
> You say later these servers are on public ip. If that is static, just
> that into you left/right options.
>> Now I am configuring another server as a client to pass all the
>> traffic through the VPN server.
>> My second server has real Internet IP 126.96.36.199. It is not behind NAT.
>> Second server configuration file below:
>> conn LS-NET-PSK-CLIENT
>> Now if I establish the connection, my second server starts sending ESP
>> packets through the VPN server 188.8.131.52
>> I can see it with tcpdump.
>> The problem is that target server, which has the IP address
>> 184.108.40.206 does not route response through the VPN server
>> Instead target server tries to communicate directly to the 220.127.116.11
>> over unencrypted channel
> So you have chained them?
> I am not sure what you are trying to do here.
> clients--->vpn1---->vpn2----> internet ?
> defaultroute/0.0.0.0 --> 0.0.0.0/0.0.0.0 -> 0.0.0.0/.0.0.0.0 -> internet ?
> vpn1 cannot be both 0.0.0.0/0 for one side and the other side. How would it
> know where to send a packet for 18.104.22.168 to?
More information about the Users