[LARTC] routing in tunnel mode

[LARTC] routing in tunnel mode

[Michael P. Soulier]

Hello,

Looking here

http://www.ipsec-howto.org/x299.html

I've set up a vpn in transport mode with two linux boxes. I'm now trying to
set it up in tunnel mode. After using the example keys, trying to ping, it
doesn't work because the route network isn't routable. 

This mention is in the howto

"If you tunnel is not working, please check your routing. Your hosts need to
know that they should send the packets for the opposite network to you vpn
gateway. The easiest setup would be using your vpn gateway as default
gateway."

But how does one set up a route like that, since the network is multiple hops
away, the route command isn't going to accept it?

[root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0
gw 10.33.15.145
SIOCADDRT: Network is unreachable

Some help please. 

Mike
-- 
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] routing in tunnel mode

[Nikolay Kichukov]

Hello there, it does not matter what type of network you are trying to 
reach, the Network unreachable error message suggests, that the router 
does not know on which interface(physical) to forward the packets with 
destination -net !

Before the lane you wrote, try this:
route add -net xx.xx.xxx.xxx dev YOURDEVICE

YOURDEVICE will be the device that the network is connected to the 
router via. If it is a sit tunnel, then YOURDEVICE = sit0.

HTH,
-Nikolay Kichukov

Michael P. Soulier wrote:
> Hello,
> 
> Looking here
> 
> http://www.ipsec-howto.org/x299.html
> 
> I've set up a vpn in transport mode with two linux boxes. I'm now trying to
> set it up in tunnel mode. After using the example keys, trying to ping, it
> doesn't work because the route network isn't routable. 
> 
> This mention is in the howto
> 
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
> 
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?
> 
> [root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0
> gw 10.33.15.145
> SIOCADDRT: Network is unreachable
> 
> Some help please. 
> 
> Mike
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] routing in tunnel mode

[Michael P. Soulier]

On 22/01/07 Michael P. Soulier did say:

> This mention is in the howto
> 
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
> 
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?

Brain fart. This was written for the clients on the private networks being
connected. It seemed like it was written for the vpn gateways. 

The policy seems sufficient for routing, although I had expected the more
traditional routing tools to play a part. 

Mike
-- 
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc