[Openswan Users] Tunnel failing to come up
Managed Pvt nets
mpn at icabs.co.zw
Sun Jan 25 09:59:27 EST 2015
On 24/01/2015 2:46:17 PM, "Nick Howitt" <nick at howitts.co.uk> wrote:
>Can you give your network config as I don't understand it from this in
>your logs:
>>000 "tunnel1":
>>192.168.0.0/24===192.168.0.2<192.168.0.2>[LEFT_PUBLIC_IP,+S=C]---192.168.0.1...192.168.0.1---RIGHT_PUBLIC_IP<RIGHT_PUBLIC_IP>[+S=C]===192.168.10.0/24;
>>prospective erouted; eroute owner: #0
>
>To me it is indicating your left and right public IPs have a common
>gateway of 192.168.0.1 which does not make sense if you are declaring
>public IPs for left and right.
My Debian box running IPSec is using only private IPs working as a sort
of a DMZ for my LAN. The Debian then has a point-to-point with a Cisco
router that has a public IP, to the internet. We are supposed to have a
site-to-site connection with the provider's IPSec network which is
sitting on a Microsoft Windows 2008R2 which is using Microsoft Forefront
(TMG) 2008. I will try and put a diagram below then explain it:

<lan> <==> (LPLIP) <Debian IPSec> (LPTP2) <==> (LPTP1) <Cisco Router> (LPI) <==> {{INTERNET}} <==> (RPI) <MS Win2008R2 Server> (RPLI) <==> <lan>

Left Side

LPLI - Left Private LAN Interface on the Debian Server facing the primary LAN for the network 103.1.0.0/24

LPTP1 - Left point to point IP - 192.168.0.2 [This is the Debian box running Openswan IPSec on NAT] facing the Cisco Router

LPTP2 - Left point to point IP - 192.168.0.1 [This is the gw to the internet - Cisco Router]

LPI - Left public IP (This is sitting on the Cisco Router acting as the border out to the internet)

Right Side

RPI - Right Public IP also gateway to the internet. This is sitting on the Microsoft Windows 2008R2 Server with MS Forefront TMG 2008

RPLI - Right Private LAN interface for the network 192.168.10.0/24

I hope this answers your questions. Many thanks for your help,
MPN.