[Openswan Users] Hub and Spoke issue
Nick Howitt
nick at howitts.co.uk
Wed Jul 2 12:02:54 EDT 2014
In OpenVPN are you also pushing a route to 192.168.69.0/24?
Something also looks wrong in your conns. You should have:
conn SauPaulo-to-Oregon
leftsubnets=SauPaulo's_subnets, Ireland's_subnets
rightsubnets=Oregon's_subnets
conn SauPaulo-to-Ireland
leftsubnets=SauPaulo's_subnets, Oregon's_subnets
rightsubnets=Ireland's_subnets
You appear to have 192.168.10.0/24 in both Ireland and Oregon
Nick
On 2014-07-02 16:39, steve wrote:
> Nick, awesome. I am almost there.
> I am able to now ping from spoke to spoke. However, I am trying to
> ping
> from my client at 192.168.10.0/24 through to Ireland, 192.168.69.0/24
> and
> its fails. Should the 192.168.10.0/24 network be added anywhere else?
>
> Here is my new Hub IPsec.conf
> Hub
> conn SauPaulo-to-Oregon
> type=tunnel
> authby=secret
> left=%defaultroute
> leftid=54.232.199.31
> leftnexthop=%defaultroute
> leftsubnets=10.0.0.0/16,192.168.69.0/24
> right=54.186.82.78
> rightsubnets=172.31.0.0/16,192.168.10.0/24,192.168.69.0/24
> ike=aes256-sha
> esp=aes256-sha1
> pfs=yes
> auto=start
>
> conn SauPaulo-to-Ireland
> type=tunnel
> authby=secret
> left=%defaultroute
> leftid=54.232.199.31
> leftnexthop=%defaultroute
> leftsubnets=10.0.0.0/16,172.31.0.0/16
> right=54.76.160.103
> rightsubnets=172.31.0.0/16,192.168.10.0/24,192.168.69.0/24
> ike=aes256-sha
> esp=aes256-sha1
> pfs=yes
> auto=start
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list