[LARTC] Forward + Routing

[LARTC] Forward + Routing

[Fiorangelo Peluso]

Hi everybody,

My situation is just like below:

Subnet A  <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> 
Subnet B

now I have a Subnet C reachable from Subnet B through a gateway on the same 
Subnet B.

Subnet A  <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> 
Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C

The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?

This is what I tried:

I created a new connection in ipse.conf specifying as leftsubnet just the 
Subnet C. This way I can ping Subnet C from GATEWAY B but not from Subnet 
A.. It seems to me that packets are not routed correctly if they came from 
Subnet A! I already added a route to Subnet C on the GATEWAY B but it seems 
to work only for packets from the Gateway and not for the forwarded packets 
from Subnet A..

Just need help..

Thanks.

Fiorangelo

_________________________________________________________________
Nuovo MSN Messenger 6.1 con sfondi e giochi! http://messenger.msn.it/ 
Provalo subito!

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Forward + Routing

[Damion de Soto]

Hi Fiorangelo,

> Subnet A  <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B 
> <-> Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C
> The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?
>
> I created a new connection in ipse.conf specifying as leftsubnet just 
> the Subnet C. This way I can ping Subnet C from GATEWAY B but not from 
> Subnet A.. It seems to me that packets are not routed correctly if they 
> came from Subnet A! I already added a route to Subnet C on the GATEWAY B 
> but it seems to work only for packets from the Gateway and not for the 
> forwarded packets from Subnet A..
You'll need a new ipsec.conf connection at GATEWAY A and GATEWAY B for
Subnet A <-> Subnet C, (which I think you did)

Then you need a route ON GATEWAY B TO Subnet C via GATEWAY B1 (which I think you did),
** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

If that doesn't work, you may need to ask the FreeS/WAN guys since it might be an 
erouting problem on GATEWAY B.

That is assuming there is no NAT or Masquerading occuring anywhere.

Regards,

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Forward + Routing

[Fiorangelo Peluso]

Hi,

>** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

I already added this route! GATEWAY B1 can send packets to Subnet A 
correctly... Seems just that packets outgoing from ipsec interface are not 
routed anymore towards Subnet C via Gateway B1...

>If that doesn't work, you may need to ask the FreeS/WAN guys since it might 
>be an erouting problem on GATEWAY B.

How?

Thanks


>From: Damion de Soto <damion@snapgear.com>
>To: Fiorangelo Peluso <fiorangelo@hotmail.com>
>CC: lartc@mailman.ds9a.nl
>Subject: Re: [LARTC] Forward + Routing
>Date: Fri, 28 Nov 2003 13:45:34 +1000
>
>Hi Fiorangelo,
>
>>Subnet A  <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> 
>>Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C
>>The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?
>>
>>I created a new connection in ipse.conf specifying as leftsubnet just the 
>>Subnet C. This way I can ping Subnet C from GATEWAY B but not from Subnet 
>>A.. It seems to me that packets are not routed correctly if they came from 
>>Subnet A! I already added a route to Subnet C on the GATEWAY B but it 
>>seems to work only for packets from the Gateway and not for the forwarded 
>>packets from Subnet A..
>You'll need a new ipsec.conf connection at GATEWAY A and GATEWAY B for
>Subnet A <-> Subnet C, (which I think you did)
>
>Then you need a route ON GATEWAY B TO Subnet C via GATEWAY B1 (which I 
>think you did),
>** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **
>
>If that doesn't work, you may need to ask the FreeS/WAN guys since it might 
>be an erouting problem on GATEWAY B.
>
>That is assuming there is no NAT or Masquerading occuring anywhere.
>
>Regards,
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Damion de Soto - Software Engineer  email:     damion@snapgear.com
>SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
>  | Custom Embedded Solutions          fax:         +61 7 3891 3630
>  | and Security Appliances            web: http://www.snapgear.com
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
>

_________________________________________________________________
MSN Extra Storage: piena libertà di esprimersi e comunicare  
http://www.msn.it/msnservizi/es/?xAPIDS4&DI\x1044&SU=http://hotmail.it/&HL=HMTAGTX_MSN_Extra_Storage

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/