Linux Advanced Routing and Traffic Control list
From: "Jason A. Pattie" <pattieja@pcxperience.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] IPSec tunnel problem
Date: Mon, 26 Apr 2004 15:06:44 +0000
Message-ID: <408D2584.5040908@pcxperience.com>
In-Reply-To: <40897577.7050606@janrain.com>


Grant Monroe wrote:
| I am attempting to set up a simple network-to-network IPSec tunnel. The
| tunnel appears to be set up correctly because I can make connections
| between the networks and tcpdump shows esp packets going between the two
| gateways. My problem is that I cannot make connections from one gateway
| to the other through the tunnel. I think that this is a routing issue.
| Here is some more info about my network:
|
|                      192.168.1.1    10.0.0.6            10.0.0.9    192.168.2.1
| 192.168.1.7                  +-----------+                   +-----------+                   192.168.2.14
| +-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| | Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
| +-----+                      +-----------+                   +-----------+                      +-----+
|
| So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
| private interface or Bar.
| Thanks for any help.

No problem.  If you are by any chance using FreeS/WAN (or one of its
derivatives) you have to set up 4 tunnel connections.  Subnet-to-Subnet,
Subnet-to-Host, Host-to-Subnet, and Host-to-Host.  There are e-mails in
the FreeS/WAN archives that show how to set up routes in order to
accomplish the same thing, but I like being able to see the actual
tunnels up and know what connections I've defined.  I.e., ipsec eroute
will let you see all 4 tunnels, not just 1 and you have to know that
routes are in place to allow traffic to flow in all 4 directions.

-- 
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)