From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andreas Unterkircher
Date: Mon, 05 Dec 2005 05:08:30 +0000
Subject: Re: [LARTC] IPSec tunnel and routing
Message-Id: <4393CB4E.8050707@netshadow.at>
List-Id:
References: <877jakjpt0.fsf@vinci.loc>
In-Reply-To: <877jakjpt0.fsf@vinci.loc>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Alexander Kotelnikov wrote:
> Ok, I would not ask all this if I had no problem with
> tunnelling. With configuration like described above, where multihomed
> machines have ip-addresses (192.168.1.1, 10.1.0.1) and (192.168.2.1,
> 10.2.0.1) tunneling works for all machines, but these two
> routers. This happens because if we send a packet from 10.1.0.1 into
> 192.168.2/24 this packet does not come to ipsec, but is pushed to
> default gateway, if it exists. In other words, locally generated packets
> do not come through prerouting or something.
>

You have to add a route on 10.1.0.1 to make sure packets which belong to
192.168.2.0/24 have a src address of 192.168.1.1. Then the packet should
go through the ipsec tunnel.

A similar route in the other direction has to be used on 10.2.0.1.

Cheers,
Andreas
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc