[Openswan Users] Tunnel failing to come up

Managed Pvt nets mpn at icabs.co.zw
Sun Jan 25 09:59:27 EST 2015


On 24/01/2015 2:46:17 PM, "Nick Howitt" <nick at howitts.co.uk> wrote:

>Can you give your network config as I don't understand it from this in 
>your logs:
>>000 "tunnel1": 
>>192.168.0.0/24===192.168.0.2<192.168.0.2>[LEFT_PUBLIC_IP,+S=C]---192.168.0.1...192.168.0.1---RIGHT_PUBLIC_IP<RIGHT_PUBLIC_IP>[+S=C]===192.168.10.0/24; 
>>prospective erouted; eroute owner: #0
>
>To me it is indicating your left and right public IP's have a common 
>gateway of 192.168.0.1 which does not make sense if you are declaring 
>public IP's for left and right.
My Debian box running IPSec is using only private IPs working as a sort 
of a DMZ for my LAN. The Debian then has a point-to-point with a Cisco 
router that has a public IP, to the internet. We are supposed to have a 
site-to-site connection with the provider's IPSec network which is 
sitting on a Microsoft Windows 2008R2 which is using Microsoft Forefront 
(TMG) 2008. I will try and put a diagram below then explain it:


<lan> <==>(LPLIP) <Debian IPSec>(LPTP2) <==> (LPTP1) <Cisco Router>(LPI) 
<==> {{INTERNET}} <==> (RPI)<MS Win2008R2 Server>(RPLI) <==><lan>

Left Side
LPLI - Left Private LAN Interface on the Debian Server facing the 
primary LAN for the network 103.1.0.0/24
LPTP1 - Left point to point IP - 192.168.0.2 [This is the Debian box 
running Openswan IPSec on NAT] facing the Cisco Router
LPTP2 - Left point to point IP - 192.168.0.1 [This is the gw to the 
internet - Cisco Router]
LPI - Left public IP (This is sitting on the Cisco Router acting as the 
border out to the internet]

Right Side
RPI - Right Public IP also gateway to the internet. This is sitting on 
the Microsoft Windows 2008R2 Server with MS Forefront TMG 2008
RPLI - Right Private LAN interface for the network 192.168.10.0/24

I hope this answers your questions. Many thanks for your help,

MPN.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150125/83ded687/attachment.html>


More information about the Users mailing list