[Openswan Users] I think I need a passthrough connection
Chris Patch
chrispatch at intrstar.net
Thu Apr 12 17:41:57 EDT 2012
I have a medical clinic with a 5mbit feed.
My main connection looks like this:
Internet -------main clinic router------Private fiber--------remote clinic router
Both the main clinic router and remote clinic router run centos-5.8 with openswan 2.4.15 for the main clinic and 2.6.38 for the remote clinic.
This is the config file from the remote clinic router:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        nat_traversal=no
        nhelpers=0
        uniqueids=yes
        protostack=netkey
        oe=off

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=secret
        auto=start
        ikelifetime=8h
        keylife=24h
        compress=no
        pfs=no
        ike=aes128-sha1
        esp=aes128-sha1

conn newtongrove
        left=192.168.201.2
        leftsubnet=192.168.171.0/24
        right=192.168.201.1
        rightsubnet=0.0.0.0/0
        leftsourceip=192.168.171.254

The hosts on 192.168.171.0/24 can talk to anything......EXCEPT the inside interface 192.168.171.254. The initial dhcp requests work...but dhcp renewals fail. (ip vs udp ?)
I think I need to define a passthrough for the 192.168.171.0/24 network so it can communicate with 192.168.171.254.
If I disable ipsec the hosts can communicate with the inside of their own firewall.
Thanks for your advice!
Chris Patch
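
An added illustration, not part of the original post: a simplified model of which flows fall inside the address selectors of conn newtongrove, and how a more specific LAN-to-LAN exemption would change that. The PASSTHROUGH selector pair, the sample flows and the "most specific selector wins" rule are assumptions made for the model; it looks at addresses only and does not reproduce Openswan or kernel behaviour.

```python
import ipaddress as ip

# Selectors copied from "conn newtongrove" in the post: leftsubnet <-> rightsubnet.
TUNNEL = (ip.ip_network("192.168.171.0/24"), ip.ip_network("0.0.0.0/0"))
# Hypothetical exemption for LAN-local traffic (assumption, not from the post).
PASSTHROUGH = (ip.ip_network("192.168.171.0/24"), ip.ip_network("192.168.171.0/24"))


def matches(selector, src, dst):
    """True if the flow src -> dst falls inside the selector pair in either direction."""
    local, remote = selector
    s, d = ip.ip_address(src), ip.ip_address(dst)
    outbound = s in local and d in remote   # local subnet towards the peer side
    inbound = s in remote and d in local    # peer side towards the local subnet
    return outbound or inbound


def decide(src, dst, policies):
    """Name of the most specific matching policy, or 'clear' if none matches.

    Specificity is modelled as the sum of both prefix lengths (assumption).
    """
    hits = [(loc.prefixlen + rem.prefixlen, name)
            for name, (loc, rem) in policies.items()
            if matches((loc, rem), src, dst)]
    return max(hits)[1] if hits else "clear"


# Constructed sample flows (the host .10 and 203.0.113.5 are made up).
FLOWS = [
    ("LAN host -> outside host", "192.168.171.10", "203.0.113.5"),
    ("LAN host -> router inside interface", "192.168.171.10", "192.168.171.254"),
    ("DHCP discover broadcast", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    only_tunnel = {"tunnel": TUNNEL}
    with_exempt = {"tunnel": TUNNEL, "passthrough": PASSTHROUGH}
    for label, src, dst in FLOWS:
        print(f"{label:38} tunnel only: {decide(src, dst, only_tunnel):8} "
              f"with exemption: {decide(src, dst, with_exempt)}")
```

In this model the unicast flow to 192.168.171.254 is inside the tunnel selectors because rightsubnet=0.0.0.0/0 also covers the LAN itself, while the broadcast flow is outside them.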