[Openswan Users] really basic peer-to-peer setup

Simon Deziel simon at xelerance.com
Sat May 4 01:18:40 UTC 2013


On 13-05-03 04:21 PM, Alan McKay wrote:
> One potential complicating factor ...
> 
> 10.246.159.41 (solexa1, or 192.168.160.11 on the other side) is not
> the main firewall / gateway for its subnet, and everything in that
> subnet uses 192.168.160.10 as the default route.

You have some options but the simplest/cleanest would be to run IPsec
directly on 192.168.160.10. If that's not possible I see two possible
solutions:

dirty: NAT'ing when exiting solexa1 to 192.168.160.0/24

clean: on the other machines part of 192.168.160.0/24 configure a route
to 172.16.0.0/24 and 172.30.0.0/24 pointing to 192.168.160.11. Make sure
to enable forwarding on solexa1.

> But even when I try to ping from solexa1 to the private subnet side of
> the other end of the tunnel I get nothing.
> That should work shouldn't it?

ping 172.16.0.1 -I 192.168.160.11

This way it should have the appropriate source IP to match the IPsec
policy in place.
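
An added example, not part of the original message: it parses `ip xfrm policy` style output and checks whether a packet's source and destination fall inside an outbound IPsec selector, which is why the ping needs `-I 192.168.160.11`. The sample policy text is constructed; the peer address 203.0.113.1, the use of 10.246.159.41 as the local tunnel endpoint, and the host 192.168.160.50 are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ip xfrm policy`. Subnets are the
# ones named in the thread; 203.0.113.1 is a placeholder peer (assumption).
SAMPLE_XFRM = """\
src 192.168.160.0/24 dst 172.16.0.0/24
    dir out priority 2344
    tmpl src 10.246.159.41 dst 203.0.113.1
        proto esp reqid 16385 mode tunnel
src 192.168.160.0/24 dst 172.30.0.0/24
    dir out priority 2344
    tmpl src 10.246.159.41 dst 203.0.113.1
        proto esp reqid 16389 mode tunnel
src 172.16.0.0/24 dst 192.168.160.0/24
    dir in priority 2344
    tmpl src 203.0.113.1 dst 10.246.159.41
        proto esp reqid 16385 mode tunnel
"""

def parse_out_policies(text):
    """Return [(src_net, dst_net)] for every policy block marked 'dir out'."""
    policies, current = [], None
    for line in text.splitlines():
        m = re.match(r"src (\S+) dst (\S+)", line)  # selector lines are unindented
        if m:
            current = (ipaddress.ip_network(m.group(1)),
                       ipaddress.ip_network(m.group(2)))
        elif current and re.match(r"\s+dir out\b", line):
            policies.append(current)
            current = None
    return policies

def selects_tunnel(src, dst, policies):
    """True if an outbound packet src -> dst matches an IPsec selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in policies)

if __name__ == "__main__":
    pol = parse_out_policies(SAMPLE_XFRM)
    # 10.246.159.41: ping without -I, if the kernel picks that source (assumption)
    # 192.168.160.11: ping with -I; 192.168.160.50: hypothetical host routed via solexa1
    for src in ("10.246.159.41", "192.168.160.11", "192.168.160.50"):
        hit = selects_tunnel(src, "172.16.0.1", pol)
        print(src, "-> 172.16.0.1:", "tunnel" if hit else "no policy match")
```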

