* [LARTC] routing in tunnel mode
@ 2007-01-22 19:21 Michael P. Soulier
2007-01-23 12:14 ` Nikolay Kichukov
2007-01-23 15:15 ` Michael P. Soulier
0 siblings, 2 replies; 3+ messages in thread
From: Michael P. Soulier @ 2007-01-22 19:21 UTC (permalink / raw)
To: lartc
Hello,
Looking here
http://www.ipsec-howto.org/x299.html
I've set up a vpn in transport mode with two linux boxes. I'm now trying to
set it up in tunnel mode. After using the example keys, trying to ping, it
doesn't work because the route network isn't routable.
This mention is in the howto
"If you tunnel is not working, please check your routing. Your hosts need to
know that they should send the packets for the opposite network to you vpn
gateway. The easiest setup would be using your vpn gateway as default
gateway."
But how does one set up a route like that, since the network is multiple hops
away, the route command isn't going to accept it?
[root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0 gw 10.33.15.145
SIOCADDRT: Network is unreachable
Some help please.
Mike
--
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] routing in tunnel mode
From: Nikolay Kichukov @ 2007-01-23 12:14 UTC (permalink / raw)
To: lartc
Hello there, it does not matter what type of network you are trying to
reach; the "Network is unreachable" error message suggests that the router
does not know on which (physical) interface to forward the packets with
destination -net!
Before the line you wrote, try this:
route add -net xx.xx.xxx.xxx dev YOURDEVICE
YOURDEVICE will be the device that the network is connected to the
router via. If it is a sit tunnel, then YOURDEVICE = sit0.
HTH,
-Nikolay Kichukov
Michael P. Soulier wrote:
> Hello,
>
> Looking here
>
> http://www.ipsec-howto.org/x299.html
>
> I've set up a vpn in transport mode with two linux boxes. I'm now trying to
> set it up in tunnel mode. After using the example keys, trying to ping, it
> doesn't work because the route network isn't routable.
>
> This mention is in the howto
>
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
>
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?
>
> [root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0
> gw 10.33.15.145
> SIOCADDRT: Network is unreachable
>
> Some help please.
>
> Mike
* Re: [LARTC] routing in tunnel mode
From: Michael P. Soulier @ 2007-01-23 15:15 UTC (permalink / raw)
To: lartc
On 22/01/07 Michael P. Soulier did say:
> This mention is in the howto
>
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
>
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?
Brain fart. This was written for the clients on the private networks being
connected. It seemed like it was written for the vpn gateways.
The policy seems sufficient for routing, although I had expected the more
traditional routing tools to play a part.
Mike
--
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a
touch of genius - and a lot of courage to move in the opposite direction."
--Albert Einstein
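
An added example, not part of the original thread: a small Python model of the next-hop check that produces "SIOCADDRT: Network is unreachable" when the gateway is not directly reachable, run against the route command from the first post. The class and function names are hypothetical, and the host address 192.168.1.10/24 and local gateway 192.168.1.1 are constructed, since the thread does not give them.

```python
import errno
import ipaddress


class RouteTable:
    """Toy model of the next-hop check applied to 'route add ... gw GW'."""

    def __init__(self, connected):
        # connected: {device: "address/prefix"} as configured on each interface
        self.link_routes = [(ipaddress.ip_interface(cidr).network, dev)
                            for dev, cidr in connected.items()]
        self.gw_routes = []

    def add_dev_route(self, net, dev):
        # Models: route add -net NET dev DEV  (direct route, no gateway)
        self.link_routes.append((ipaddress.ip_network(net), dev))

    def onlink_dev(self, addr):
        # Device through which addr is directly reachable, or None
        ip = ipaddress.ip_address(addr)
        hits = [(net, dev) for net, dev in self.link_routes if ip in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def add_gw_route(self, net, gw):
        # Models: route add -net NET gw GW. The gateway must be on-link.
        dev = self.onlink_dev(gw)
        if dev is None:
            raise OSError(errno.ENETUNREACH, "Network is unreachable")
        self.gw_routes.append((ipaddress.ip_network(net), gw, dev))
        return dev


def demo():
    results = {}
    # Constructed addressing: the thread does not give the host's own address.
    host = RouteTable({"eth0": "192.168.1.10/24"})
    try:
        # The command from the first post: gateway several hops away.
        results["remote_gw"] = host.add_gw_route("172.16.113.0/24", "10.33.15.145")
    except OSError as exc:
        results["remote_gw"] = exc.strerror
    # A next hop on the local subnet (constructed) passes the check.
    results["local_gw"] = host.add_gw_route("172.16.113.0/24", "192.168.1.1")
    # A device route (the form suggested in the reply) that covers the gateway
    # also satisfies the check; it does not make a distant gateway deliver packets.
    host.add_dev_route("10.33.15.145/32", "eth0")
    results["after_dev_route"] = host.add_gw_route("172.16.113.0/24", "10.33.15.145")
    return results


if __name__ == "__main__":
    print(demo())
```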