[Openswan Users] Connecting to other machines in subnet

Durwin thecajun at nmia.com
Mon Feb 11 18:10:19 EST 2013


> What you are talking about is doable, but I need to know a little more about your setup.
> 
> Do you still want an IPsec connection between site A and B with the SSH connection to machine C (which is at site B) inside of it?
> 
> Or do you want the SSH connection to go directly to machine C and not be encapsulated in the IPsec tunnel?
> 
> Is machine B the gateway for site B (and thus for machine C)?  Or does machine C have its own public IP address?

Ok, let me give you the detailed setup.  Both sites are behind modems,
none of the servers have real IP addresses.  Site A has a hardware VPN,
this is connected to VPN server at site B (server B).  I wish to connect
to port 80 on machine C (with browser).  Server B does not need 80.  I
need to be able to ssh into server B yet still be able to ssh into
machine C (from server B is fine).  Did I leave anything out?  While I
am at it, I also need iptables rules which allow VPN to work.  I've been
running without iptables.
> 
> On 02/11/2013 02:40 PM, Durwin wrote:
> > If you mean for me to get the IP addresses from tcpdump, I already know
> > them.  For example, Site A machine has local IP a.a.a.a and ssh's to
> > Site B (which is running VPN) like ssh user at b.b.b.b  I want it to go to
> > c.c.c.c   What has me concerned is, if I forward port 22 to c.c.c.c,
> > does the machine know how to return traffic with just that one iptables
> > line?  Or do I need to add another line to tell c.c.c.c how to send
> > traffic back to a.a.a.a?
> >
> > Thank you,
> >
> > Durwin
> >>
> >> On 11 Feb 2013, at 20:02, Durwin wrote:
> >>
> >>> I have VPN set up.  Works just fine.  However, it is desired to be able
> >>> to connect to a specific machine (other than the one running VPN).  For
> >>> example,  machine A at VPN location 1 needs to connect directly to
> >>> machine C at VPN location 2.  Machine B is running VPN.  Is there a way?
> >>> I am thinking iptables, but I only have a working knowledge of it.
> >>>
> >>>
> >>> Thank you,
> >>>
> >>> Durwin
> >>> _______________________________________________
> >>> Users at lists.openswan.org
> >>> https://lists.openswan.org/mailman/listinfo/users
> >>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >>> Building and Integrating Virtual Private Networks with Openswan:
> >>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >>
> >> Regards
> >>
> >> Dan.
> >
> > Durwin F. De La Rue <thecajun at nmia.com>
> >

Durwin F. De La Rue <thecajun at nmia.com>
-- 
reality.sys corrupted. universe halted. reboot (y/n)?


