[Openswan Users] Connecting to other machines in subnet
Willie Gillespie
wgillespie+openswan at es2eng.com
Mon Feb 11 18:45:33 EST 2013
On 02/11/2013 04:10 PM, Durwin wrote:
>> What you are talking about is doable, but I need to know a little more about your setup.
>>
>> Do you still want an IPsec connection between site A and B with the SSH connection to machine C (which is at site B) inside of it?
>>
>> Or do you want the SSH connection to go directly to machine C and not be encapsulated in the IPsec tunnel?
>>
>> Is machine B the gateway for site B (and thus for machine C)? Or does machine C have its own public IP address?
>
> Ok, let me give you the detailed setup. Both sites are behind modems,
> none of the servers have real IP addresses. Site A has a hardware VPN,
> this is connected to the VPN server at site B (server B). I wish to connect
> to port 80 on machine C (with browser). Server B does not need 80. I
> need to be able to ssh into server B yet still be able to ssh into
> machine C (from server B is fine). Did I leave anything out? While I
> am at it, I also need iptables rules which allow VPN to work. I've been
> running without iptables.
Okay, for a computer in site A to connect to server C, you'll need to
set up the connection between server A and B to support the subnets.
Something like:

conn BetweenSiteAandSiteB
    type=tunnel
    authby=secret
    pfs=yes
    auto=start
    compress=yes
    keyingtries=3
    left=a.a.a.a
    right=b.b.b.b
    rightsubnet=c.c.c.0/24
    rightsourceip=c.c.c.1

Obviously server B will need IP forwarding enabled and needs to be the
gateway for site B -> site A. You never really said whether this was
the case or not, so I just assumed.
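
Added example (not part of the original post): a preflight script for server B that reads rightsubnet and rightsourceip from a conn block like the one above, checks that the source IP lies inside the subnet, and checks the IP-forwarding flag. The 192.168.20.x addresses and the stand-in flag file are constructed for the demo; the function names are hypothetical, and on a real gateway the flag defaults to /proc/sys/net/ipv4/ip_forward.

```sh
#!/bin/sh
# Added example: preflight for server B. Sample addresses below are constructed.

# conn_value FILE CONN KEY: print KEY's value from the "conn CONN" section.
conn_value() {
    awk -v conn="$2" -v key="$3" '
        /^[^ \t#]/ { in_conn = ($1 == "conn" && $2 == conn); next }  # section header
        in_conn && /^[ \t]+[^# \t]/ {                                # indented parameter
            line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=")
            if (eq && substr(line, 1, eq - 1) == key) { print substr(line, eq + 1); exit }
        }' "$1"
}

# ip_to_int A.B.C.D: print the dotted quad as an integer (subshell keeps IFS local).
ip_to_int() (
    IFS=.; set -- $1
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# ip_in_subnet IP NET/BITS: succeed when IP lies inside the subnet.
ip_in_subnet() {
    size=$(( 1 << (32 - ${2#*/}) ))                     # addresses in the subnet
    base=$(( $(ip_to_int "${2%/*}") / size * size ))    # network address
    addr=$(ip_to_int "$1")
    [ "$addr" -ge "$base" ] && [ "$addr" -lt $(( base + size )) ]
}

# forwarding_enabled [FILE]: succeed when the kernel flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# preflight FILE CONN [FORWARD_FILE]: report every failed check, non-zero if any.
preflight() {
    subnet=$(conn_value "$1" "$2" rightsubnet)
    srcip=$(conn_value "$1" "$2" rightsourceip)
    rc=0
    if [ -z "$subnet" ] || [ -z "$srcip" ]; then
        echo "FAIL: rightsubnet or rightsourceip missing in conn $2"; rc=1
    elif ! ip_in_subnet "$srcip" "$subnet"; then
        echo "FAIL: rightsourceip $srcip is outside rightsubnet $subnet"; rc=1
    fi
    forwarding_enabled "$3" || { echo "FAIL: IP forwarding is disabled"; rc=1; }
    return $rc
}

# Demo on constructed input; the forwarding flag is a stand-in file, not /proc.
demo=$(mktemp -d)
printf 'conn BetweenSiteAandSiteB\n\trightsubnet=192.168.20.0/24\n\trightsourceip=192.168.20.1\n' > "$demo/ipsec.conf"
echo 1 > "$demo/ip_forward"
preflight "$demo/ipsec.conf" BetweenSiteAandSiteB "$demo/ip_forward" && echo "preflight OK"
```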