[Openswan Users] Gateway to gateway without router in one endpoint?

Alonso Manilla alonso.manilla at gmail.com
Mon Jun 10 17:47:56 UTC 2013


This is my ipsec.conf

Left is me and right is the other VPN endpoint.

As you say, 128 is the remote network and 172 is the local network.

128.100.100.1 is the remote ID.

config setup
    plutoopts="--perpeerlog"
    nat_traversal=yes
    virtual_private=%v4:128.9.0.0/16,%v4:172.22.11.10/32
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn bc
    type=tunnel
    left=85.25.111.144
    leftsubnet=172.22.11.10/32
    leftnexthop=%defaultroute
    leftsourceip=172.22.11.10
    right=200.96.218.135
    rightid=128.100.100.1
    rightsubnet=128.9.0.0/16
    rightnexthop=%defaultroute
    pfs=yes
    auto=start
    ike=3des-md5;modp1024
    keylife=60m
    authby=secret
    ikelifetime=1440m
    esp=3des-md5
    compress=no
    forceencaps=yes

About your last question, I think your problem is with the route: the
packets don't know where to go.


--
Alonso Manilla

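As an added example (not part of the thread or of Openswan itself), a small Python linter for a conn stanza like the one above: it parses the section/indentation layout Openswan expects, checks that leftsourceip lies inside leftsubnet and that the two subnets do not overlap, and flags the 3DES, MD5 and modp1024 choices, which are deprecated for new deployments. SAMPLE_CONF is re-typed from the config in this message; the WEAK_TOKENS list is my own assumption about what a reviewer would flag.

```python
import ipaddress

# Constructed sample, copied from the conn in this message and indented the way
# Openswan's parser requires (parameters belong to the preceding header line).
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
conn bc
    left=85.25.111.144
    leftsubnet=172.22.11.10/32
    leftsourceip=172.22.11.10
    right=200.96.218.135
    rightsubnet=128.9.0.0/16
    ike=3des-md5;modp1024
    esp=3des-md5
"""

# Assumed review policy: 3DES, MD5 and the 1024-bit MODP group are deprecated.
WEAK_TOKENS = ("3des", "md5", "modp1024")

def parse_ipsec_conf(text):
    """Return {section_name: {key: value}}; a non-indented line opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] not in " \t":                 # e.g. "conn bc" or "config setup"
            current = sections.setdefault(raw.strip(), {})
        elif current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint_conn(conn):
    """Consistency and crypto checks for one conn dict; returns finding strings."""
    findings = []
    left = ipaddress.ip_network(conn["leftsubnet"], strict=False)
    right = ipaddress.ip_network(conn["rightsubnet"], strict=False)
    if left.overlaps(right):
        findings.append("leftsubnet and rightsubnet overlap; routing is ambiguous")
    if "leftsourceip" in conn and ipaddress.ip_address(conn["leftsourceip"]) not in left:
        findings.append("leftsourceip is outside leftsubnet; traffic will not match the tunnel")
    for key in ("ike", "esp"):                  # flag each deprecated token per proposal
        for tok in WEAK_TOKENS:
            if tok in conn.get(key, "").lower():
                findings.append(f"{key} uses deprecated algorithm {tok}")
    return findings
```

Running `lint_conn(parse_ipsec_conf(SAMPLE_CONF)["conn bc"])` reports no addressing problems for this stanza but five algorithm warnings (three from ike, two from esp).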

2013/6/10 Jose M <soloninguno at hotmail.com>

>  Thanks Alonso for your help!
>
> I'm not a pro with network things, so it is not very clear to me which IPs
> I have to put in the ip route command you posted
>
>
>  ip route add 128.9.0.0/16 via 128.100.100.1 dev eth0 proto static src 172.22.11.10/32
>
> 128.9.0.0/16 is the "remote network"?
> 128.100.100.1 is the local gateway?
> 172.22.11.10/32 is the "local network"?
>
>
> Just in case, here is the configuration I have after creating the virtual
> NIC with
>
>
> sudo ifconfig eth0:1 192.168.51.10/32 netmask 255.255.255.0
>
> ipsec.conf:
>
> conn %default
>     authby=secret
>     type=tunnel
>     left=78.222.51.10
>     leftsubnet=192.168.51.10/32
>
> conn linux-rv042
>     auto=add
>     right=81.18.24.120
>     rightsubnet=192.168.1.101/32
>     authby=secret
>
> And here the picture of my RV042 configuration with "gateway to gateway"
> mode
> http://tinypic.com/view.php?pic=20aoqx1&s=5
>
> By the way, why is it that if I configure "client to gateway" I can ping from
> the client to the VPN, but with "gateway to gateway" that doesn't work? Is it
> because now the client has two NICs and doesn't know where to go?
>
> Kind regards
>
> ------------------------------
> From: alonso.manilla at gmail.com
> Date: Mon, 10 Jun 2013 09:09:16 -0500
>
> Subject: Re: [Openswan Users] Gateway to gateway without router in one
> endpoint?
> To: soloninguno at hotmail.com
> CC: users at lists.openswan.org
>
> You're closer!
>
> This may help you.
>
> I used this for route:
>
>  ip route add 128.9.0.0/16 via 128.100.100.1 dev eth0 proto static src 172.22.11.10/32
>
> This is my iptables-save result:
>
> *nat
> :PREROUTING ACCEPT [7890242:571675663]
> :INPUT ACCEPT [7207255:467688388]
> :OUTPUT ACCEPT [1540066:101645951]
> :POSTROUTING ACCEPT [1540060:101645591]
> -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> -A POSTROUTING -s 200.96.218.135/32 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
> -A POSTROUTING -s 128.9.0.0/16 -d 172.22.11.10/32 -o eth0 -j MASQUERADE
>
> Check this link:
>
> I had a problem with packets and it helped me solve it:
>
> https://lists.openswan.org/pipermail/users/2013-May/022381.html
>
> Regards!
>
>
> --
> Alonso Manilla
>
>
> 2013/6/8 Jose M <soloninguno at hotmail.com>
>
> Thanks Alonso!
>
> Could you give me some hints on how to create the routes and iptables rules to
> get this working?
>
> ------------------------------
> From: alonso.manilla at gmail.com
> Date: Fri, 7 Jun 2013 17:07:34 -0500
>
> Subject: Re: [Openswan Users] Gateway to gateway without router in one
> endpoint?
> To: soloninguno at hotmail.com
> CC: users at lists.openswan.org
>
>
> It's possible to create virtual NICs.
>
> Use, as root:
> ifconfig eth0:1 192.168.1.5 netmask 255.255.255.0
>
> To make it permanent, change the /etc/network/interfaces file.
>
> Then you need to create a route to send all packets from the VPN to the new IP
> address; you also need to check your iptables.
>
> Good luck.
>
>
> --
> Alonso Manilla
>
>
> 2013/6/7 Jose M <soloninguno at hotmail.com>
>
> I need to create an IPsec VPN between an internal network behind a Cisco
> router and an Ubuntu server on the outside that is directly connected to
> the Internet (no router here).
>
> Right now I've tested Openswan to create a client-to-gateway VPN and it works as
> expected. Unfortunately, with this configuration I don't have two-way
> traffic: the client sees the internal network, but the network can't see
> the client.
>
> My knowledge of networks isn't the best, so I need to ask: is it possible
> to create some kind of virtual NICs on the Ubuntu client server to simulate a
> gateway and an internal network (with only one machine) at this endpoint,
> so the machines in the internal network can see this client?
>
> Thanks in advance!
>
>
>