[Openswan Users] really basic peer-to-peer setup
Simon Deziel
simon at xelerance.com
Sat May 4 01:18:40 UTC 2013
On 13-05-03 04:21 PM, Alan McKay wrote:
> One potential complicating factor ...
>
> 10.246.159.41 (solexa1, or 192.168.160.11 on the other side) is not
> the main firewall / gateway for its subnet, and everything in that
> subnet uses 192.168.160.10 as the default route.
You have some options but the simplest/cleanest would be to run IPsec
directly on 192.168.160.10. If that's not possible I see two possible
solutions:

dirty: NAT'ing when exiting solexa1 to 192.168.160.0/24

clean: on the other machines part of 192.168.160.0/24 configure a route
to 172.16.0.0/24 and 172.30.0.0/24 pointing to 192.168.160.11. Make sure
to enable forwarding on solexa1.
> But even when I try to ping from solexa1 to the private subnet side of
> the other end of the tunnel I get nothing.
> That should work shouldn't it?

    ping 172.16.0.1 -I 192.168.160.11

This way it should have the appropriate source IP to match the IPsec
policy in place.
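
Added example (not part of the original message, and not Openswan code): a simplified model of IPsec selector matching that shows why the ping needs the 192.168.160.11 source address, and why LAN hosts routed through solexa1 fall under the tunnel. The selectors are an assumption inferred from the subnets named in the reply, since the actual ipsec.conf is not shown; the function names, the LAN host 192.168.160.25 and the 192.0.2.10 destination are hypothetical.

```python
"""Simplified model of IPsec policy (selector) matching for this thread.

Assumption: the tunnel on solexa1 protects 192.168.160.0/24 <-> 172.16.0.0/24
and 172.30.0.0/24. The real ipsec.conf is not shown in the message.
"""
from ipaddress import ip_address, ip_network

# Assumed (local subnet, remote subnet) selectors installed on solexa1.
POLICIES = [
    (ip_network("192.168.160.0/24"), ip_network("172.16.0.0/24")),
    (ip_network("192.168.160.0/24"), ip_network("172.30.0.0/24")),
]


def matches_policy(src: str, dst: str) -> bool:
    """True if an outbound packet src -> dst is covered by a tunnel policy.

    Both the source and the destination must fall inside one selector pair;
    a matching destination alone is not enough.
    """
    s, d = ip_address(src), ip_address(dst)
    return any(s in local and d in remote for local, remote in POLICIES)


def explain(src: str, dst: str) -> str:
    """Human-readable verdict for one packet."""
    if matches_policy(src, dst):
        return f"{src} -> {dst}: matches policy, sent through the tunnel"
    return f"{src} -> {dst}: no policy match, not tunneled"


# Constructed sample packets built from the addresses in the thread.
SAMPLE_PACKETS = [
    # Assumed source when ping runs on solexa1 without -I.
    ("10.246.159.41", "172.16.0.1"),
    # Source forced with: ping 172.16.0.1 -I 192.168.160.11
    ("192.168.160.11", "172.16.0.1"),
    # Hypothetical LAN host whose route to 172.30.0.0/24 points at solexa1.
    ("192.168.160.25", "172.30.0.7"),
    # Same LAN host talking to an unrelated destination.
    ("192.168.160.25", "192.0.2.10"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(explain(src, dst))
```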