[Openswan Users] openswan and "one armed" routing question.
jason at monsterjam.org
Thu Jul 26 15:42:30 EDT 2012
Hey, we are trying something somewhat insane here. We have an SSH VPN/tunnel established between 2 Linux hosts with
/usr/bin/ssh -w0:0 10.81.114.142
and on server one, we have
tun0 192.168.1.1 netmask 255.255.255.252
and server two has
tun0 192.168.1.2 netmask 255.255.255.252
That's all fine and dandy, but what we want to do is run the Openswan IPsec THROUGH this SSH VPN.
for instance, we have
server one with eth0 of addr:10.81.114.89 on 10.81.114.65/27
server two with eth0 of addr:10.81.114.142 on 10.81.114.129/27
So my question is: can Openswan with NETKEY act as a one-armed router in this instance and tunnel traffic between
the 2 networks? I.e. in my ipsec.conf (server one) config, we have
# basic configuration
config setup
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:!192.168.0.0/16,%v4:10.81.114.64/27

conn mytunnel
        type=tunnel
        left=192.168.1.1
        right=192.168.1.2
        leftsubnet=10.81.114.64/27
        rightsubnet=10.81.114.128/27
        leftnexthop=%defaultroute
        rightnexthop=%defaultroute
        auto=start
        authby=secret
Server two config:

# basic configuration
config setup
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:!192.168.0.0/16,%v4:10.81.114.128/27

conn mytunnel
        type=tunnel
        left=192.168.1.1
        right=192.168.1.2
        leftsubnet=10.81.114.64/27
        rightsubnet=10.81.114.128/27
        leftnexthop=%defaultroute
        rightnexthop=%defaultroute
        auto=start
        authby=secret
Using shared keys for the authentication, I keep getting stuck at
000 "Tunnel": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #3: "Tunnel":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s; nodpd; idle; import:admin initiate
000 #3: pending Phase 2 for "Tunnel" replacing #0
000 #3: pending Phase 2 for "Tunnel" replacing #0
000 #3: pending Phase 2 for "Tunnel" replacing #0
Suggestions? Has anyone done this before?
Jason
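Added example, not part of Jason's post: a small Python parser for the `ipsec auto --status` lines quoted above that maps a Phase 1 state stuck on EVENT_RETRANSMIT to what the Main Mode initiator is still waiting for. `SAMPLE_STATUS` is constructed from the post's output, and the stall hints in `PHASE1_STALL` are my own reading of the Main Mode exchange, not Openswan's.

```python
import re

# Constructed sample: the `ipsec auto --status` lines quoted in the post.
SAMPLE_STATUS = """\
000 "Tunnel": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #3: "Tunnel":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s; nodpd; idle; import:admin initiate
000 #3: pending Phase 2 for "Tunnel" replacing #0
"""

# One line per IKE/IPsec state; the port is the peer's IKE port (500, or 4500 behind NAT-T).
STATE_LINE = re.compile(
    r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)":(?P<port>\d+) (?P<state>STATE_\w+)'
    r'(?: \((?P<detail>[^)]*)\))?; (?P<event>EVENT_\w+)')

# What a Main Mode initiator is waiting for in each Phase 1 state, and what a stall there implies.
PHASE1_STALL = {
    "STATE_MAIN_I1": "no MR1 received: the peer never answered the first IKE packet, so UDP/500 "
                     "is not reaching it at the right= address, or pluto on the peer is not "
                     "listening on the interface that owns that address",
    "STATE_MAIN_I2": "no MR2 received: first exchange worked; check the DH group and that the "
                     "larger KE packets fit the link MTU",
    "STATE_MAIN_I3": "no MR3 received: encrypted ID/auth exchange failed; check the PSK and IDs",
}

def parse_status(text):
    """Return newest SA numbers and the per-state lines from `ipsec auto --status` output."""
    result = {"isakmp_sa": None, "ipsec_sa": None, "states": []}
    for line in text.splitlines():
        m = re.search(r"newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+)", line)
        if m:
            result["isakmp_sa"], result["ipsec_sa"] = int(m.group(1)), int(m.group(2))
            continue
        m = STATE_LINE.match(line)
        if m:
            d = m.groupdict()
            d["sa"], d["port"] = int(d["sa"]), int(d["port"])
            result["states"].append(d)
    return result

def diagnose(text):
    """Explain, from the status lines alone, why no SA has been established."""
    st = parse_status(text)
    findings = []
    if st["isakmp_sa"] == 0:
        findings.append("no established ISAKMP SA: Phase 1 never completed")
    for s in st["states"]:
        if s["event"] == "EVENT_RETRANSMIT" and s["state"] in PHASE1_STALL:
            findings.append(f'#{s["sa"]} "{s["conn"]}" stuck in {s["state"]}, retransmitting '
                            f'to UDP/{s["port"]}: {PHASE1_STALL[s["state"]]}')
    return findings
```

Run `diagnose(SAMPLE_STATUS)` on the status above and it reports the #3 state stuck in STATE_MAIN_I1, i.e. the first IKE packet to 192.168.1.2 over tun0 is never answered, which is the thing to verify on the link before touching the subnet settings.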