From: "Jason A. Pattie" <pattieja@pcxperience.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] IPSec tunnel problem
Date: Mon, 26 Apr 2004 15:06:44 +0000
Message-ID: <408D2584.5040908@pcxperience.com>
In-Reply-To: <40897577.7050606@janrain.com>


Grant Monroe wrote:
| I am attempting to set up a simple network-to-network IPSec tunnel. The
| tunnel appears to be set up correctly because I can make connections
| between the networks and tcpdump shows ESP packets going between the two
| gateways. My problem is that I cannot make connections from one gateway
| to the other through the tunnel. I think that this is a routing issue.
| Here is some more info about my network:
|
|                      192.168.1.1    10.0.0.6            10.0.0.9    192.168.2.1
| 192.168.1.7                  +-----------+                   +-----------+                   192.168.2.14
| +-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| | Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
| +-----+                      +-----------+                   +-----------+                      +-----+
|
| So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
| private interface or Bar.
| Thanks for any help.

No problem.  If you are by any chance using FreeS/WAN (or one of its
derivatives) you have to set up 4 tunnel connections.  Subnet-to-Subnet,
Subnet-to-Host, Host-to-Subnet, and Host-to-Host.  There are e-mails in
the FreeS/WAN archives that show how to set up routes in order to
accomplish the same thing, but I like being able to see the actual
tunnels up and know what connections I've defined.  I.e., ipsec eroute
will let you see all 4 tunnels, not just 1 and you have to know that
routes are in place to allow traffic to flow in all 4 directions.

- --
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)
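
Added example (not part of the original message, and not FreeS/WAN code): a Python model of the four connections named in the reply, using the addresses from the quoted diagram, that reports which connection covers each flow. It assumes each connection selects on the local/remote subnet or on the gateway's own 10.0.0.x address, and that packets originated by Gateway A carry 10.0.0.6 as their source; all function names are illustrative.

```python
import ipaddress

# Addresses from the diagram in the quoted message.
GW_A, NET_A = "10.0.0.6", "192.168.1.0/24"
GW_B, NET_B = "10.0.0.9", "192.168.2.0/24"

def four_tunnels(gw_a, net_a, gw_b, net_b):
    """The four connections as (name, local selector, remote selector), seen from gateway A."""
    host_a = ipaddress.ip_network(gw_a + "/32")
    host_b = ipaddress.ip_network(gw_b + "/32")
    sub_a, sub_b = ipaddress.ip_network(net_a), ipaddress.ip_network(net_b)
    return [
        ("subnet-to-subnet", sub_a, sub_b),
        ("subnet-to-host", sub_a, host_b),
        ("host-to-subnet", host_a, sub_b),
        ("host-to-host", host_a, host_b),
    ]

def matching_tunnel(policies, src, dst):
    """Name of the connection whose selectors cover src -> dst, or None if none does."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, local, remote in policies:
        if s in local and d in remote:
            return name
    return None

# Constructed flows (src, dst). Assumption: traffic originated by Gateway A
# itself is sourced from its 10.0.0.6 interface, not from 192.168.1.1.
FLOWS = {
    "Foo -> Bar": ("192.168.1.7", "192.168.2.14"),
    "Foo -> Gateway B (10.0.0.9)": ("192.168.1.7", "10.0.0.9"),
    "Gateway A -> Bar": ("10.0.0.6", "192.168.2.14"),
    "Gateway A -> Gateway B private": ("10.0.0.6", "192.168.2.1"),
    "Gateway A -> Gateway B (10.0.0.9)": ("10.0.0.6", "10.0.0.9"),
}

def coverage(policies):
    """Map each constructed flow to the connection that carries it (None = no tunnel)."""
    return {label: matching_tunnel(policies, s, d) for label, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    everything = four_tunnels(GW_A, NET_A, GW_B, NET_B)
    for title, policies in (("subnet-to-subnet only", everything[:1]),
                            ("all four connections", everything)):
        print(title)
        for label, name in coverage(policies).items():
            print(f"  {label:36} {name or 'no matching tunnel'}")
```

With only the subnet-to-subnet connection defined, the Foo -> Bar flow matches while every flow that starts at Gateway A matches nothing, which is the symptom described in the quoted message.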



Thread overview: 2+ messages
2004-04-23 19:58 [LARTC] IPSec tunnel problem Grant Monroe
2004-04-26 15:06 ` Jason A. Pattie [this message]
