[Openswan Users] I think I need a passthrough connection
Tuomo Soini
tis at foobar.fi
Fri Apr 13 14:55:23 EDT 2012
On Thu, 12 Apr 2012 21:41:57 +0000
Chris Patch <chrispatch at intrstar.net> wrote:
> I have a medical clinic with 5mbit feed
>
> my main connection looks like this
>
> Internet -------main clinic router------Private fiber--------remote
> clinic router
>
> Both the main clinic router and remote clinic router run centos-5.8
> with openswan 2.4.15 for the main clinic and 2.6.38 for the remote
> clinic.
>
> This is the config file from the remote clinic router
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     nat_traversal=no
>     nhelpers=0
>     uniqueids=yes
>     protostack=netkey
>     oe=off
>
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>     authby=secret
>     auto=start
>     ikelifetime=8h
>     keylife=24h
>     compress=no
>     pfs=no
>     ike=aes128-sha1
>     esp=aes128-sha1
>
> conn newtongrove
>     left=192.168.201.2
>     leftsubnet=192.168.171.0/24
>     right=192.168.201.1
>     rightsubnet=0.0.0.0/0
>     leftsourceip=192.168.171.254
>
> The hosts on 192.168.171.0/24 can talk to anything... EXCEPT the
> inside interface 192.168.171.254. The initial DHCP requests
> work, but DHCP renewals fail. (IP vs UDP?)
>
>
> I think I need to define a passthrough for the 192.168.171.0/24
> network so it can communicate with 192.168.171.254.
>
>
> If I disable ipsec the hosts can communicate with the inside of their
> own firewall.
>
> Thanks for your advice !
Yes, you really seem to need a passthrough connection.
Try the following:
conn localnet
    left=192.168.171.254
    leftsubnet=192.168.171.0/24
    right=0.0.0.0
    rightsubnet=192.168.171.0/24
    authby=never
    type=passthrough
    auto=route
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
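An added check (my own Python, not code from this thread or from the Openswan project) for the situation described above: parse an ipsec.conf, and flag any tunnel conn whose rightsubnet covers the gateway's own inside address (leftsourceip) unless a type=passthrough conn exempts leftsubnet-to-leftsubnet traffic. The sample config is constructed from the values in this thread; the parser assumes the usual ipsec.conf layout of unindented section headers and indented key=value lines.

```python
import ipaddress

# Constructed sample: the remote clinic's tunnel plus the suggested passthrough conn.
SAMPLE_CONF = """\
conn newtongrove
    left=192.168.201.2
    leftsubnet=192.168.171.0/24
    right=192.168.201.1
    rightsubnet=0.0.0.0/0
    leftsourceip=192.168.171.254
conn localnet
    left=192.168.171.254
    leftsubnet=192.168.171.0/24
    right=0.0.0.0
    rightsubnet=192.168.171.0/24
    authby=never
    type=passthrough
    auto=route
"""

def parse_conns(text):
    """Map conn name -> {key: value}; 'config setup', comments and blank lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # unindented line starts a section ('conn NAME')
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def find_shadowed_gateways(conns):
    """Tunnel conns whose rightsubnet covers the local gateway (leftsourceip)
    with no passthrough conn exempting leftsubnet -> leftsubnet traffic."""
    passthroughs = [c for c in conns.values() if c.get("type") == "passthrough"]
    problems = []
    for name, c in conns.items():
        if c.get("type") == "passthrough" or not {"leftsourceip", "leftsubnet", "rightsubnet"} <= c.keys():
            continue
        gw = ipaddress.ip_address(c["leftsourceip"])
        # Only a problem when the tunnel's selector swallows the gateway address...
        if gw not in ipaddress.ip_network(c["rightsubnet"]):
            continue
        # ...and no passthrough carves out the local subnet talking to itself.
        local = ipaddress.ip_network(c["leftsubnet"])
        if not any(local.subnet_of(ipaddress.ip_network(p["leftsubnet"]))
                   and gw in ipaddress.ip_network(p["rightsubnet"]) for p in passthroughs):
            problems.append(name)
    return problems
```

Running it on the sample returns an empty list; removing the localnet conn makes it report newtongrove, which is the configuration the original poster started from.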