[Openswan Users] Gateway to gateway without router in one endpoint?

Bob Miller bob at computerisms.ca
Fri Jun 7 22:21:17 UTC 2013


> I need to create an ipsec vpn between an internal network behind a
> cisco router and an ubuntu server in the outside that is directly
> connected to the web (no router here).
> 
> Right now I've tested openswan to create a client to gateway vpn and it
> works as expected. Unfortunately with this configuration I don't have
> two way traffic, the client sees the internal network, but the network
> can't see the client.

As I understand the situation the ubuntu server is the client and it
needs split tunnelling (can access web and vpn at same time).  Also as I
understand, you have the tunnel up and working because traffic is
flowing, just not in both directions.  And the cisco router is acting as
your vpn server.

> My knowledge of networks isn't the best, so I need to ask, is it
> possible to create some kind of virtual nics in ubuntu client server
> to simulate a gateway and an internal network (with only one machine)
> in this endpoint, so the machines in the internal network can see this
> client?

I am sure you can, but I fail to see why it would help.  If you have
traffic flowing from client to net, then most likely traffic is not
flowing in the opposite direction because of a firewall or routing rule
somewhere.  For example, if the tunnel's IP on the client is in the same
subnet as the LAN you are connecting to, your cisco router won't have a
route leaving the network because it already has a route to that
network.  Conversely iptables on the client may be configured to not
allow any packets from a foreign LAN.

This is of course a generalization that in my experience is not always
true and may not apply to cisco routers, but almost always when traffic
works in one direction and not the other, the problem is firewall rules
or routing tables.  A tcpdump or equivalent on the internal and external
interfaces of the router should show you if this is true in your case or
not... 

> 
> Thanks in advance!
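The check suggested in the reply above (capture on the router's internal and external interfaces, then see where one direction disappears) can be scripted. This is an added example, not part of the original message: the function names, addresses and capture lines are constructed, and it assumes `tcpdump -n` text output taken while only a LAN-initiated test such as a ping is running.

```python
import ipaddress
import re

# Parses `tcpdump -n` text lines: "<time> IP <src>[.port] > <dst>[.port]: <rest>"
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (.*)$")

def count(lines, src, dst, esp):
    """Count packets src -> dst; esp=True counts ESP (also UDP-encapsulated)."""
    n = 0
    for line in lines:
        m = LINE.match(line.strip())
        if m and (m.group(1), m.group(2)) == (src, dst) and ("ESP(" in m.group(3)) == esp:
            n += 1
    return n

def diagnose(internal, external, lan_net, lan_host, client_ip, router_wan, client_wan):
    """Name the first hop where LAN -> client traffic (or its reply) is missing."""
    if ipaddress.ip_address(client_ip) in ipaddress.ip_network(lan_net):
        return "overlap: client tunnel IP is inside the LAN subnet"
    if count(internal, lan_host, client_ip, esp=False) == 0:
        return "lan: request never reaches the router's internal interface"
    if count(external, router_wan, client_wan, esp=True) == 0:
        return "router: request arrives but no ESP leaves (routing or IPsec policy)"
    if count(external, client_wan, router_wan, esp=True) == 0:
        return "client: ESP leaves the router, no ESP comes back (client firewall?)"
    if count(internal, client_ip, lan_host, esp=False) == 0:
        return "router: reply ESP arrives but is not forwarded to the LAN"
    return "ok: both directions visible on both interfaces"

# Constructed sample captures (all addresses are made up for illustration).
INTERNAL = [
    "12:00:01.000101 IP 192.168.1.20 > 10.9.0.2: ICMP echo request, id 7, seq 1, length 64",
    "12:00:02.000257 IP 192.168.1.20 > 10.9.0.2: ICMP echo request, id 7, seq 2, length 64",
]
EXTERNAL = [
    "12:00:01.000320 IP 198.51.100.1 > 203.0.113.7: ESP(spi=0x1a2b3c4d,seq=0x11), length 132",
    "12:00:02.000498 IP 198.51.100.1 > 203.0.113.7: ESP(spi=0x1a2b3c4d,seq=0x12), length 132",
]

if __name__ == "__main__":
    print(diagnose(INTERNAL, EXTERNAL, "192.168.1.0/24", "192.168.1.20",
                   "10.9.0.2", "198.51.100.1", "203.0.113.7"))
```

On the sample captures the result points at the client side, which matches the iptables case mentioned in the reply; the subnet-overlap case is checked first because no capture is needed to detect it.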