[Openswan Users] IPsec route all traffic

Aleksander Ol aleksander_2005 at mail.ru
Tue Jun 10 04:19:16 EDT 2014


Hi!
I tried setting rightsubnet to 0.0.0.0/0.
If I set rightsubnet to 0.0.0.0/0, I can ping 1 site but can't ping 2 site .... my CheckPoint says: invalid id information




Tue, 10 Jun 2014 09:12:29 +0100 from Nick Howitt <nick at howitts.co.uk>:
>I believe you need to set rightsubnet to 0.0.0.0/0. Match it in your 
>remote config. If it is important that the users can only access the 
>internet via the VPN, you may also want to add a firewall rule blocking 
>all traffic in the FORWARD chain (assuming iptables) in case the tunnel 
>goes down.
>
>Nick
>
>On 2014-06-10 08:28, Aleksander Ol wrote:
>> config setup
>>  interfaces="%defaultroute"
>>  nat_traversal=yes
>>  protostack=netkey
>>  plutostderrlog=/var/log/pluto.log
>>  plutodebug="all"
>> conn VPN
>>  forceencaps=yes
>>  dpddelay=30
>>  dpdtimeout=120
>>  dpdaction=restart
>>  ike=aes-256-sha1;modp1024
>>  ikelifetime=86400s
>>  authby=secret
>>  type=tunnel
>>  salifetime=3600s
>>  pfs=yes
>>  phase2=esp
>>  phase2alg=aes-128-sha1;modp1024
>>  left=185.XXX.XXX
>>  leftsubnet=10.XXX.XXX.XXX/24
>>  leftnexthop=%defaultroute
>>  right=91.YYY.YYY.YYY
>>  rightsubnet=10.11.YYY.YY/24
>>  rightnexthop=%defaultroute
>>  auto=start
>> 
>> Mon, 09 Jun 2014 09:37:59 +0100 from Dan Cave < dan.cave at me.com >:
>> 
>>> Please post your configuration
>>> 
>>> :)
>>> 
>>> On 8 Jun 2014 19:07, Aleksander Ol < aleksander_2005 at mail.ru > wrote:
>>>> 
>>>> Good afternoon.
>>>> I can not send traffic as IPSEC.
>>>> 
>>>> configured so
>>>> 1) Eth0 ( Internal Network .... 192.168.0.0/24 )
>>>> 2) Eth1 ( Internet )
>>>> 
>>>> I set up Openswan IPsec .... use (netkey )
>>>> Now all local traffic works fine ... but I need to route all traffic to VPN .... Internet also.
>>>> I need that users went through a remote gateway with any established VPN connection
>>>> If that does not work VPN Internet also should not work
>>>> 
>>>> The problem is that OpenSwan IPSEC does not create a separate interface
>>>> 
>>>> If anyone knows how to config. Help please
>>>> 
>>>> Sorry for my English
>>>> 
>>>> 
>>>> --
>>>> Aleksander Ol
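
An added example, not part of the original thread: one way to write the FORWARD-chain block Nick describes for a NETKEY gateway, using the iptables `policy` match so that only packets covered by an IPsec policy are forwarded. The subnet 192.168.0.0/24 and interface eth1 come from the first post; the function name and an otherwise empty FORWARD chain are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed forwarding for an Openswan NETKEY gateway whose
# conn uses rightsubnet=0.0.0.0/0. NETKEY has no ipsec0 interface to filter on,
# so the rules match on IPsec policy instead of on an interface.
# Assumption: FORWARD holds no earlier ACCEPT rules.
# The function only prints the commands, so they can be reviewed before being
# run as root.

vpn_only_forward_rules() {
    lan="$1"   # internal subnet in CIDR form
    wan="$2"   # Internet-facing interface
    # The output is meant for a shell, so refuse anything that is not a plain
    # CIDR or interface name.
    case "$lan" in
        ''|*[!0-9./]*) printf 'bad subnet: %s\n' "$lan" >&2; return 1 ;;
        */*) ;;
        *) printf 'subnet needs a /prefix: %s\n' "$lan" >&2; return 1 ;;
    esac
    case "$wan" in
        ''|-*|*[!A-Za-z0-9_.-]*) printf 'bad interface: %s\n' "$wan" >&2; return 1 ;;
    esac
    # Default-drop first, then allow only traffic that an IPsec policy will
    # encrypt (out) or that arrived through one (in). With the tunnel down no
    # policy matches, so LAN traffic is dropped instead of leaving in clear.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -s $lan -o $wan -m policy --dir out --pol ipsec -j ACCEPT
iptables -A FORWARD -d $lan -i $wan -m policy --dir in --pol ipsec -j ACCEPT
iptables -A FORWARD -m limit --limit 6/min -j LOG --log-prefix "vpn-only drop: "
EOF
}

# Values from the first post: LAN 192.168.0.0/24 on Eth0, Internet on Eth1.
vpn_only_forward_rules 192.168.0.0/24 eth1
```

The LOG rule makes a dropped packet visible in the kernel log, which helps tell a tunnel outage apart from a subnet mismatch between the two peers.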
