[Openswan Users] Gateway to gateway without router in one endpoint?

Jose M soloninguno at hotmail.com
Mon Jun 10 15:23:48 UTC 2013




Thanks Alonso for your help!

I'm not a pro with network things, so it is not very clear to me what IPs I have to put in the ip route command you posted.

 ip route add 128.9.0.0/16 via 128.100.100.1 dev eth0 proto static src 172.22.11.10/32

128.9.0.0/16 is the "remote network"?
128.100.100.1 is the local gateway?
172.22.11.10/32 is the "local network"?


Just in case, here is the configuration I have after creating the virtual nic with

sudo ifconfig eth0:1 192.168.51.10/32 netmask 255.255.255.0


ipsec.conf
conn %default
    authby=secret
    type=tunnel
    left=78.222.51.10
    leftsubnet=192.168.51.10/32

conn linux-rv042
    auto=add
    right=81.18.24.120
    rightsubnet=192.168.1.101/32
    authby=secret

And here is the picture of my RV042 configuration with "gateway to gateway" mode
http://tinypic.com/view.php?pic=20aoqx1&s=5

By the way, why is it that if I configure "client to gateway" I can ping from the client to the VPN, but with "gateway to gateway" that doesn't work? Is it because now the client has two NICs and doesn't know where to go?

Kind regards

From: alonso.manilla at gmail.com
Date: Mon, 10 Jun 2013 09:09:16 -0500
Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?
To: soloninguno at hotmail.com
CC: users at lists.openswan.org

You're closer!
This may help you

I used this for route:
 ip route add 128.9.0.0/16 via 128.100.100.1 dev eth0 proto static src 172.22.11.10/32



This is my iptables-save result:
*nat
:PREROUTING ACCEPT [7890242:571675663]
:INPUT ACCEPT [7207255:467688388]
:OUTPUT ACCEPT [1540066:101645951]
:POSTROUTING ACCEPT [1540060:101645591]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -s 200.96.218.135/32 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 128.9.0.0/16 -d 172.22.11.10/32 -o eth0 -j MASQUERADE

Check this link:

I had a problem with packages and here they helped me to solve it
https://lists.openswan.org/pipermail/users/2013-May/022381.html



Regards!
--Alonso Manilla


2013/6/8 Jose M <soloninguno at hotmail.com>





Thanks Alonso!

Could you give me some hints how to create routes and iptables to get this working?

From: alonso.manilla at gmail.com


Date: Fri, 7 Jun 2013 17:07:34 -0500
Subject: Re: [Openswan Users] Gateway to gateway without router in one endpoint?
To: soloninguno at hotmail.com


CC: users at lists.openswan.org

It's possible to create virtual nics.
Use #: ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0


To make it permanent, change the /etc/network/interfaces file.

Then you need to create a route to send all packets from the VPN to the new IP address; you also need to check your iptables.
Good luck.

--Alonso Manilla



2013/6/7 Jose M <soloninguno at hotmail.com>






I need to create an ipsec vpn between an internal network behind a cisco router and an ubuntu server on the outside that is directly connected to the web (no router here).

Right now I've tested openswan to create a client to gateway vpn and it works as expected. Unfortunately with this configuration I don't have two way traffic, the client sees the internal network, but the network can't see the client.






My knowledge of networks isn't the best, so I need to ask, is it possible to create some kind of virtual nics in ubuntu client server to simulate a gateway and an internal network (with only one machine) in this endpoint, so the machines in the internal network can see this client?






Thanks in advance!
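
Added example, not part of the original thread or of Openswan: it reads the ipsec.conf posted above and shows how the fields of the quoted `ip route add` command line up with it. The destination prefix is the remote network (rightsubnet), `via` is the local next-hop gateway, and `src` is the local address to send from (the eth0:1 alias, which must lie inside leftsubnet). The function names are hypothetical and the next hop 192.0.2.1 is a placeholder, since the thread does not give the real gateway.

```python
import ipaddress

# The ipsec.conf posted in this thread, embedded as sample input.
IPSEC_CONF = """\
conn %default
    authby=secret
    type=tunnel
    left=78.222.51.10
    leftsubnet=192.168.51.10/32

conn linux-rv042
    auto=add
    right=81.18.24.120
    rightsubnet=192.168.1.101/32
    authby=secret
"""

def parse_conns(text):
    """Return {conn name: options}, with `conn %default` merged into every conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # header, e.g. "conn linux-rv042"
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def route_for(conn, alias_ip, next_hop, dev="eth0"):
    """Build the route line: remote net via local gateway, sourced from the alias."""
    remote = ipaddress.ip_network(conn["rightsubnet"], strict=False)
    local = ipaddress.ip_network(conn["leftsubnet"], strict=False)
    src = ipaddress.ip_address(alias_ip)
    if src not in local:
        # The tunnel policy only matches traffic whose source is in leftsubnet.
        raise ValueError(f"{src} is outside leftsubnet {local}")
    return f"ip route add {remote} via {next_hop} dev {dev} proto static src {src}"

if __name__ == "__main__":
    conn = parse_conns(IPSEC_CONF)["linux-rv042"]
    # 192.0.2.1 is a placeholder next hop; the thread does not give the real one.
    print(route_for(conn, "192.168.51.10", "192.0.2.1"))
```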


 		 	   		  
