[Openswan Users] really basic peer-to-peer setup

Simon Deziel simon at xelerance.com
Sat May 4 01:18:40 UTC 2013

On 13-05-03 04:21 PM, Alan McKay wrote:
> One potential complicating factor ...
> (solexa1, or on the other side) is not
> the main firewall / gateway for its subnet, and everything in that
> subnet uses as the default route.

You have some options but the simplest/cleanest would be to run IPsec
directly on If that's not possible I see two possible

dirty: NAT'ing when exiting solexa1 to

clean: on the other machines part of configure a route
to and pointing to Make sure
to enable forwarding on solexa1.

> But even when I try to ping from solexa1 to the private subnet side of
> the other end of the tunnel I get nothing.
> That should work shouldn't it?

ping -I

This way it should have the appropriate source IP to match the IPsec
policy in place.
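Added example, not part of the original message: a short Python check of why the source address chosen with ping -I decides whether a packet matches the tunnel's selectors. All subnets and addresses are constructed sample values, and it assumes the gateway would otherwise source the ping from its public-side address.

```python
import ipaddress

# Constructed sample values (not from the original thread).
POLICY = {
    "local_subnet": ipaddress.ip_network("10.1.0.0/24"),   # plays the role of leftsubnet
    "remote_subnet": ipaddress.ip_network("10.2.0.0/24"),  # plays the role of rightsubnet
}
# Addresses configured on the IPsec host: public-side first, private-side second.
LOCAL_ADDRS = ["203.0.113.10", "10.1.0.1"]


def matches_policy(src, dst, policy=POLICY):
    """True if a packet src -> dst falls inside both tunnel selectors."""
    return (ipaddress.ip_address(src) in policy["local_subnet"]
            and ipaddress.ip_address(dst) in policy["remote_subnet"])


def pick_ping_source(local_addrs, policy=POLICY):
    """Return the first local address inside the tunnel's local subnet.

    Returns None when the host has no address in that subnet, in which
    case no choice of -I can make locally generated traffic match.
    """
    for addr in local_addrs:
        if ipaddress.ip_address(addr) in policy["local_subnet"]:
            return addr
    return None


if __name__ == "__main__":
    target = "10.2.0.1"  # constructed host on the far private subnet
    for src in LOCAL_ADDRS:
        verdict = "matches policy" if matches_policy(src, target) else "bypasses IPsec"
        print(f"{src} -> {target}: {verdict}")
    source = pick_ping_source(LOCAL_ADDRS)
    if source is not None:
        print(f"ping -I {source} {target}")
```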
