[Openswan Users] Connecting to other machines in subnet

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Feb 11 18:45:33 EST 2013

On 02/11/2013 04:10 PM, Durwin wrote:
>> What you are talking about is doable, but I need to know a little more about your setup.
>> Do you still want an IPsec connection between site A and B with the SSH connection to machine C (which is at site B) inside of it?
>> Or do you want the SSH connection to go directly to machine C and not be encapsulated in the IPsec tunnel?
>> Is machine B the gateway for site B (and thus for machine C)?  Or does machine C have its own public IP address?
> Ok, let me give you the detailed setup.  Both sites are behind modems,
> none of the servers have real ip addresses.  Site A has a hardware VPN,
> this is connected to VPN server at site B (server B).  I wish to connect
> to port 80 on machine C (with browser).  Server B does not need 80.  I
> need to be able to ssh into server B yet still be able to ssh into
> machine C (from server B is fine).  Did I leave anything out?  While I
> am at it.  I also need iptable rules which allow vpn to work.  I've been
> running without iptables.

Okay, for a computer in site A to connect to server C, you'll need to 
set up the connection between server A and B to support the subnets.

Something like:
conn BetweenSiteAandSiteB

Obviously server B will need IP forwarding enabled and needs to be the 
gateway for site B -> site A.  You never really said whether this was 
the case or not, so I just assumed.

More information about the Users mailing list