Hi!<div><br></div><div>I'm having a problem trying to get this to work, and hoping that somebody can help. Here's a little background on what I want to do. At work, I'm an admin of a LAN with multiple VLANs. Recently, I moved offices and now we're trunking one of the VLANs over the company's LAN. In the past, these two systems were totally separated from each other. By trunking it over the company's equipment, I am subject to some strange restrictions that are placed, such as MAC address locking and god knows what else. Originally, the topology looked like this...</div>
<div><br></div><div>INTERNET -> Linux Gateway/Firewall/NAT/DNS -> VLAN 101, 140, etc.</div><div><br></div><div>VLAN 101 = Workstations</div><div>VLAN 140 = Servers</div><div><br></div><div>Now, the topology looks like this...</div>
<div><br></div><div><div>INTERNET -> Linux Gateway/Firewall/NAT/DNS -> VLAN 101, 102, 140, etc.</div></div><div><br></div><div>VLAN 101 = My private VLAN that's trunked across equipment</div><div><div>VLAN 102 = Workstations</div>
<div>VLAN 140 = Servers</div></div><div><br></div><div>What I want to do is encrypt all the traffic on the 101 subnet to a VPN server on the 140 VLAN. I have the following setup...</div><div><br></div><div>OpenSwan "Right side" is a box I have set up upstairs. It looks like this...</div>
<div><br></div><div>192.168.105.0/24 (network) -> 192.168.105.5 (eth1 on the openswan box) -> 192.168.101.53 (eth0 on the openswan box)</div><div><br></div><div>Then on the "left side" of the setup, I have another openswan box that looks like this.</div>
<div><br></div><div>192.168.101.20 (eth1) -> openswan box -> 192.168.140.20 (eth0)</div><div><br></div><div>What I want to do is set it up so I can plug my machine in on the 105 network, have it get tunneled through the right-hand side of the openswan system, get it encrypted to the 101.20 box, and have that box put my machine on the 140.0/24 subnet. Here's my ipsec.conf attempt...</div>
<div><br></div><div><div>conn net-to-net</div><div> authby=secret</div><div> # auto=add only loads the conn when pluto starts; run "ipsec auto --up net-to-net" on one side (or use auto=start) to actually negotiate the tunnel</div><div> auto=add</div><div> # left = server side</div><div> left=192.168.101.20</div><div> leftsubnet=192.168.140.0/24</div>
<div> # right = client (attic)</div><div> right=192.168.101.53</div><div> rightid=192.168.101.53</div><div> rightsubnet=192.168.105.0/24</div><div> # next hop from right towards left (left is directly on the 101 subnet)</div><div> rightnexthop=192.168.101.20</div>
</div><div><br></div><div><br></div><div>What happens is that I think it connects, but on the right side, I don't get a route put in, so it's like nothing works. I'm sure this is a simple "site to site" config, but I have no idea what I'm doing. I'm also using Ubuntu 12.04 LTS on both machines.</div>
<div><br></div><div>Any help is appreciated.</div><div><br></div><div>Thanks!</div>
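<div><br></div><div>Openswan on Ubuntu uses the kernel's NETKEY IPsec stack by default, which installs XFRM security policies rather than routes, so an established net-to-net tunnel never shows up in the routing table; the place to look on the right-side box is <code>ip xfrm policy show</code>. The following is an added example, not code from the post: it parses a constructed sample of that output for the 192.168.105.0/24 &lt;-&gt; 192.168.140.0/24 tunnel above and reports which of the out/fwd/in policies are still missing (all three are missing when the conn was only loaded with auto=add and never brought up).</div>

```python
import re

# Constructed sample of `ip xfrm policy show` on the right-side box (192.168.101.53)
# once the post's net-to-net tunnel is up; tabs mark continuation lines.
SAMPLE_XFRM_POLICY = (
    "src 192.168.105.0/24 dst 192.168.140.0/24\n"
    "\tdir out priority 2344 ptype main\n"
    "\ttmpl src 192.168.101.53 dst 192.168.101.20\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
    "src 192.168.140.0/24 dst 192.168.105.0/24\n"
    "\tdir fwd priority 2344 ptype main\n"
    "\ttmpl src 192.168.101.20 dst 192.168.101.53\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
    "src 192.168.140.0/24 dst 192.168.105.0/24\n"
    "\tdir in priority 2344 ptype main\n"
    "\ttmpl src 192.168.101.20 dst 192.168.101.53\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
)

def parse_xfrm_policies(text):
    """Split `ip xfrm policy show` output into dicts with src, dst, dir, tmpl, mode."""
    policies, cur = [], None
    for line in text.splitlines():
        head = re.match(r"src (\S+) dst (\S+)", line)  # unindented line = new policy
        if head:
            cur = {"src": head.group(1), "dst": head.group(2),
                   "dir": None, "tmpl": None, "mode": None}
            policies.append(cur)
        elif cur is not None and line.strip():
            s = line.split()
            if s[0] == "dir":
                cur["dir"] = s[1]
            elif s[0] == "tmpl":                     # tmpl src <gw> dst <gw>
                cur["tmpl"] = (s[2], s[4])
            elif "mode" in s:                        # proto esp ... mode tunnel
                cur["mode"] = s[s.index("mode") + 1]
    return policies

def missing_policies(policies, local_net, remote_net, local_gw, remote_gw):
    """Directions (out/fwd/in) still lacking a tunnel-mode ESP policy between the
    two subnets via the two gateways; an empty set means the SPD is fully installed."""
    want = {
        "out": (local_net, remote_net, (local_gw, remote_gw)),
        "fwd": (remote_net, local_net, (remote_gw, local_gw)),
        "in":  (remote_net, local_net, (remote_gw, local_gw)),
    }
    found = {d for p in policies for d, (src, dst, tmpl) in want.items()
             if p["dir"] == d and p["mode"] == "tunnel"
             and (p["src"], p["dst"], p["tmpl"]) == (src, dst, tmpl)}
    return set(want) - found
```

<div>Run it against the live output with <code>ip xfrm policy show</code> piped into <code>parse_xfrm_policies</code>; if anything is reported missing, check <code>ipsec auto --status</code> for whether the conn was actually brought up.</div>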