[Openswan Users] No return traffic beyond openswan

Michael Wisniewski wiz561 at gmail.com
Wed Jun 13 12:37:25 EDT 2012


Hi!

I ran into another problem with Openswan.  My topology looks like this...

192.168.140.0/24 -> 192.168.140.20 -> 192.168.101.128 << switch to another
machine >> 192.168.101.129 -> 192.168.105.1 -> 192.168.105.0/24

192.168.140.0/24 is routed through another Linux machine.  Here's kind of
like what it looks like...

[ Internet ] -> Linux Box doing IPTables/NAT/DNS -> (192.168.140.20)
Openswan (192.168.101.128) -> switch -> 192.168.101.129 (another openswan)
-> 192.168.105.1 -> 192.168.105.0/24 (workstations)

Linux Box has multiple subnets, 192.168.140.0/24, 192.168.102.0/24.  If I
ping 192.168.140.20, I get responses.  This is on the other side of the
openswan box.  If I ping 192.168.140.1, I can see that on the linux box
doing iptables/nat/dns, I get the ICMP Echo Request from 192.168.105.1 to
192.168.140.1.  However, I get no responses at this point.

I believe I don't because the linux box doing all the routing has no idea
about the 192.168.105.0/24 subnet and how to get there.  I've attempted to
add routes to that for 192.168.105.0, but I obviously have no clue what I'm
doing because I couldn't get it to work.  The route I tried was...

route add -net 192.168.105.0 netmask 255.255.255.0 eth1.140

I thought that it would tell the gateway to get to 105 through eth1.140,
which is the interface the vlan is on.  This failed.

Can anybody out there solve this dilemma?


Thanks!
Mike
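The difference between a device-only (on-link) route and a route with a gateway is the crux of the return-path question above. The following Python model of a longest-prefix-match lookup is an added example and not code from the list post; it uses the addresses from the topology and assumes, as the diagram suggests, that 192.168.140.20 is the Openswan box's address on VLAN 140 and that only it answers ARP there (the upstream address 203.0.113.1 is a constructed placeholder).

```python
from ipaddress import ip_address, ip_network

# Constructed routing table for the IPTables/NAT/DNS router in the post.
# Each entry: (prefix, interface, gateway); gateway None means on-link.
ROUTES = [
    ("192.168.140.0/24", "eth1.140", None),
    ("192.168.102.0/24", "eth1.102", None),
    ("0.0.0.0/0", "eth0", "203.0.113.1"),  # placeholder upstream, constructed
]

# Constructed: which addresses actually answer ARP on each link. Only the
# Openswan box (assumed to be 192.168.140.20) lives on VLAN 140.
LINK_HOSTS = {"eth1.140": {"192.168.140.20"}}

def lookup(routes, dst):
    """Longest-prefix match. Returns (iface, next_hop), where next_hop is
    the address the kernel must resolve on that link before forwarding."""
    dst = ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        return None
    _, iface, gw = best
    # On-link route: the kernel ARPs for the destination itself, not a router.
    return iface, (gw if gw is not None else str(dst))

def next_hop_reachable(routes, dst, link_hosts):
    """True if the chosen next hop is a host that answers on the chosen link,
    i.e. the ICMP echo reply can actually leave the router."""
    found = lookup(routes, dst)
    if found is None:
        return False
    iface, next_hop = found
    return next_hop in link_hosts.get(iface, set())

# The device-only route tried in the post versus one that names the gateway.
ATTEMPTED = ROUTES + [("192.168.105.0/24", "eth1.140", None)]
WITH_GATEWAY = ROUTES + [("192.168.105.0/24", "eth1.140", "192.168.140.20")]

def compare(dst="192.168.105.1"):
    """Return (next hop, reachable) for both tables, for the reply to dst."""
    return (lookup(ATTEMPTED, dst), next_hop_reachable(ATTEMPTED, dst, LINK_HOSTS),
            lookup(WITH_GATEWAY, dst), next_hop_reachable(WITH_GATEWAY, dst, LINK_HOSTS))

if __name__ == "__main__":
    print(compare())
```

Without any 192.168.105.0/24 route the reply matches the default route and leaves toward the Internet instead; with the device-only route the router ARPs for 192.168.105.1 on VLAN 140, where nothing answers.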