[Openswan Users] Gateway to gateway without router in one endpoint?

Alonso Manilla alonso.manilla at gmail.com
Mon Jun 10 14:09:16 UTC 2013


You're closer!

This may help you.

I used this for the route:

 ip route add 128.9.0.0/16 via 128.100.100.1 dev eth0 proto static src 172.22.11.10/32

This is my iptables-save result:

*nat
:PREROUTING ACCEPT [7890242:571675663]
:INPUT ACCEPT [7207255:467688388]
:OUTPUT ACCEPT [1540066:101645951]
:POSTROUTING ACCEPT [1540060:101645591]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -s 200.96.218.135/32 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 128.9.0.0/16 -d 172.22.11.10/32 -o eth0 -j MASQUERADE

Check this link:

I had a problem with packages, and it helped me solve it.

https://lists.openswan.org/pipermail/users/2013-May/022381.html

Regards!


--
Alonso Manilla


2013/6/8 Jose M <soloninguno at hotmail.com>

> Thanks Alonso!
>
> Could you give me some hints how to create routes and iptables to get this
> working?
>
> ------------------------------
> From: alonso.manilla at gmail.com
> Date: Fri, 7 Jun 2013 17:07:34 -0500
>
> Subject: Re: [Openswan Users] Gateway to gateway without router in one
> endpoint?
> To: soloninguno at hotmail.com
> CC: users at lists.openswan.org
>
>
> It's possible to create virtual nics.
>
> Use #:
> ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0
>
> To make it permanent, change the /etc/network/interfaces file.
>
> Then you need to create a route to send all packets from the VPN to the new
> IP address; you also need to check your iptables.
>
> Good luck.
>
>
> --
> Alonso Manilla
>
>
> 2013/6/7 Jose M <soloninguno at hotmail.com>
>
> I need to create an ipsec vpn between an internal network behind a cisco
> router and an ubuntu server in the outside that is directly connected to
> the web (no router here).
>
> Right now I've tested openswan to create a client-to-gateway VPN and it works
> as expected. Unfortunately, with this configuration I don't have two-way
> traffic: the client sees the internal network, but the network can't see
> the client.
>
> My knowledge of networks isn't the best, so I need to ask, is it possible
> to create some kind of virtual nics in ubuntu client server to simulate a
> gateway and an internal network (with only one machine) in this endpoint,
> so the machines in the internal network can see this client?
>
> Thanks in advance!