[Openswan Users] Gateway to gateway without router in one endpoint?
Daniel Cave
dan.cave at me.com
Sat Jun 8 16:27:21 UTC 2013
Jose,
I noticed your earlier mail shows your ipsec.conf file does not have any private leftsubnet= or leftsource= directive, which I believe, as Alonso implies, is what you're missing.
If you think of it simplistically: the tunnel can be built peer-to-peer using the two public IPs (which you have done so far), then you need the private address range on each side to route between via the tunnel, which gives you your bi-directional traffic flow.
For example, you have the rightsubnet and right peer IP already in your linux-rv042 config, but nothing on the left.
conn %default
        authby=secret
        type=tunnel
        left=78.222.51.10
        # because you said you want to route from this HOST to your cisco network, right?
        # you must configure the ip alias on eth0:1 using this IP (or one that you want to choose)
        leftsubnet=192.168.51.10/32

conn linux-rv042
        auto=add
        right=81.18.24.120
        rightsubnet=192.168.1.101/32
        authby=secret
        ike=aes256-sha1;modp1536
        esp=aes256-sha1;modp1536
        pfs=yes
        aggrmode=no
If you configure the alias interface on your Ubuntu host with a private IP (it can be a /32) and make sure you set up the same on the Cisco AND in your ipsec.conf, then restart, you should be good to go.
Dan.
On 8 Jun 2013, at 16:47, Jose M wrote:
> Thanks Alonso!
>
> Could you give me some hints how to create routes and iptables to get this working?
>
> From: alonso.manilla at gmail.com
> Date: Fri, 7 Jun 2013 17:07:34 -0500
> Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?
> To: soloninguno at hotmail.com
> CC: users at lists.openswan.org
>
> It's possible to create virtual nics.
>
> Use #:
> ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0
>
> To make it permanent, change the /etc/network/interfaces file.
>
> Then you need to create a route to send all packets from the VPN to the new IP address; you also need to check your iptables.
>
> Good luck.
>
>
> --
> Alonso Manilla
>
>
> 2013/6/7 Jose M <soloninguno at hotmail.com>
> I need to create an IPsec VPN between an internal network behind a Cisco router and an Ubuntu server on the outside that is directly connected to the web (no router here).
>
> Right now I've tested Openswan to create a client-to-gateway VPN and it works as expected. Unfortunately, with this configuration I don't have two-way traffic: the client sees the internal network, but the network can't see the client.
>
> My knowledge of networks isn't the best, so I need to ask: is it possible to create some kind of virtual NICs on the Ubuntu client server to simulate a gateway and an internal network (with only one machine) at this endpoint, so the machines in the internal network can see this client?
>
> Thanks in advance!
>
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
Regards
Dan.
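As an added example, not part of the thread and not Openswan's own tooling, the following POSIX sh script puts together the three pieces the replies above describe for the Ubuntu end: the /32 alias on eth0:1 (Alonso's ifconfig line made permanent), an ipsec.conf that names that /32 as leftsubnet (Dan's excerpt, completed), and the iptables rules Alonso says need checking. The addresses are the ones from Dan's excerpt; the config setup values, leftsourceip=, auto=start, the firewall rules and all function names are my assumptions. The pre-shared key in /etc/ipsec.secrets and the matching tunnel definition on the Cisco are not shown.

```shell
#!/bin/sh
# Added example (not from the thread): render, sanity-check and optionally apply the
# Ubuntu-side pieces of a gateway-to-gateway tunnel whose "left subnet" is a single
# private /32 aliased onto eth0:1. Run with no arguments to print everything; run as
# root with --apply to install it. Assumes Openswan with the NETKEY stack.

LEFT_PUB=78.222.51.10          # Ubuntu host, public address (from the thread)
LEFT_PRIV=192.168.51.10        # private address to alias onto eth0:1 (Dan's excerpt)
LEFT_SUBNET=192.168.51.10/32   # what the Cisco must have as its remote subnet
RIGHT_PUB=81.18.24.120         # Cisco RV042 public address (from the thread)
RIGHT_SUBNET=192.168.1.101/32  # the one host behind the Cisco in Dan's excerpt
IFACE=eth0

# Dotted quad to integer, pure sh (no external tools).
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( a * 16777216 + b * 65536 + c * 256 + d ))
}

# in_subnet ADDR CIDR: succeed when ADDR lies inside CIDR.
in_subnet() {
  net=${2%/*}; plen=${2#*/}
  mask=$(( (4294967295 >> (32 - plen)) << (32 - plen) ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# The alias must sit inside leftsubnet, otherwise the traffic selectors negotiated with the
# Cisco never match what this host actually sources from. For a /32 the two must be equal.
check_config() {
  in_subnet "$LEFT_PRIV" "$LEFT_SUBNET" || {
    echo "alias $LEFT_PRIV is outside leftsubnet $LEFT_SUBNET" >&2; return 1; }
  echo "ok: $LEFT_PRIV is inside $LEFT_SUBNET"
}

# Permanent form of "ifconfig eth0:1 ..." for /etc/network/interfaces.
render_interfaces() {
  cat <<EOF
auto ${IFACE}:1
iface ${IFACE}:1 inet static
    address $LEFT_PRIV
    netmask 255.255.255.255
EOF
}

# leftsourceip= makes Openswan's updown script install the route to rightsubnet with
# src=$LEFT_PRIV, so traffic this host originates leaves with the private address and
# is matched by the tunnel instead of going out from the public IP in the clear.
# auto=start lets either end bring the tunnel up (Dan's excerpt used auto=add).
render_ipsec_conf() {
  cat <<EOF
config setup
        protostack=netkey
        nat_traversal=yes

conn %default
        authby=secret
        type=tunnel
        left=$LEFT_PUB
        leftsubnet=$LEFT_SUBNET
        leftsourceip=$LEFT_PRIV

conn linux-rv042
        auto=start
        right=$RIGHT_PUB
        rightsubnet=$RIGHT_SUBNET
        ike=aes256-sha1;modp1536
        esp=aes256-sha1;modp1536
        pfs=yes
        aggrmode=no
EOF
}

# Decapsulated ESP payloads traverse INPUT again as plain IP packets. Accept the remote
# private address only when the kernel says it arrived through an IPsec SA, and drop
# cleartext packets that merely carry that source address.
render_firewall() {
  cat <<EOF
iptables -A INPUT -i $IFACE -s $RIGHT_PUB -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $IFACE -s $RIGHT_PUB -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $IFACE -s $RIGHT_PUB -p esp -j ACCEPT
iptables -A INPUT -i $IFACE -s $RIGHT_SUBNET -d $LEFT_PRIV -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A INPUT -i $IFACE -s $RIGHT_SUBNET -j DROP
EOF
}

render_all() {
  check_config || return 1
  render_interfaces; echo; render_ipsec_conf; echo; render_firewall
}

apply() {
  check_config || return 1
  ip addr add "$LEFT_SUBNET" dev "$IFACE" label "${IFACE}:1"
  render_interfaces >> /etc/network/interfaces
  render_ipsec_conf > /etc/ipsec.conf
  render_firewall | sh -e
  service ipsec restart
}

case "${1:-}" in
  --apply) apply ;;
  *) render_all ;;
esac
```

Without the `-m policy --pol ipsec` match, anyone on the internet could send a cleartext packet to 78.222.51.10 with source 192.168.1.101 and have the host treat it as if it had come through the tunnel; the policy match ties acceptance to the SA rather than to a forgeable address.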