* [LARTC] IPSec tunnel problem
@ 2004-04-23 19:58 Grant Monroe
2004-04-26 15:06 ` Jason A. Pattie
0 siblings, 1 reply; 2+ messages in thread
From: Grant Monroe @ 2004-04-23 19:58 UTC
To: lartc
I am attempting to set up a simple network-to-network IPSec tunnel. The
tunnel appears to be set up correctly because I can make connections
between the networks and tcpdump shows ESP packets going between the two
gateways. My problem is that I cannot make connections from one gateway
to the other through the tunnel. I think that this is a routing issue.
Here is some more info about my network:
                       192.168.1.1   10.0.0.6             10.0.0.9   192.168.2.1
192.168.1.7                  +-----------+                   +-----------+                 192.168.2.14
+-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
+-----+                      +-----------+                   +-----------+                      +-----+
So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
private interface or Bar.
Thanks for any help.
Grant Monroe
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] IPSec tunnel problem
2004-04-23 19:58 [LARTC] IPSec tunnel problem Grant Monroe
@ 2004-04-26 15:06 ` Jason A. Pattie
0 siblings, 0 replies; 2+ messages in thread
From: Jason A. Pattie @ 2004-04-26 15:06 UTC
To: lartc
Grant Monroe wrote:
| I am attempting to set up a simple network-to-network IPSec tunnel. The
| tunnel appears to be set up correctly because I can make connections
| between the networks and tcpdump shows ESP packets going between the two
| gateways. My problem is that I cannot make connections from one gateway
| to the other through the tunnel. I think that this is a routing issue.
| Here is some more info about my network:
|
|                        192.168.1.1   10.0.0.6             10.0.0.9   192.168.2.1
| 192.168.1.7                  +-----------+                   +-----------+                 192.168.2.14
| +-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| | Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
| +-----+                      +-----------+                   +-----------+                      +-----+
|
| So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
| private interface or Bar.
| Thanks for any help.
No problem. If you are by any chance using FreeS/WAN (or one of its
derivatives) you have to set up 4 tunnel connections. Subnet-to-Subnet,
Subnet-to-Host, Host-to-Subnet, and Host-to-Host. There are e-mails in
the FreeS/WAN archives that show how to set up routes in order to
accomplish the same thing, but I like being able to see the actual
tunnels up and know what connections I've defined. I.e., ipsec eroute
will let you see all 4 tunnels, not just 1 and you have to know that
routes are in place to allow traffic to flow in all 4 directions.
--
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)
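
The four connections named in the reply above, written out as a FreeS/WAN ipsec.conf fragment for the topology in the original post. This is an added example, not configuration posted by either participant: the conn names are hypothetical, and the authentication settings are assumed to be the ones the already-working subnet-to-subnet tunnel uses.

```conf
# Added example. Addresses are taken from the diagram in the original post;
# conn names are hypothetical.

# Shared endpoint settings, pulled into each conn below with also=.
# It has no auto= line, so it is never loaded as a tunnel by itself.
conn a-b-common
        # Gateway A, 10.0.0.0/24 side
        left=10.0.0.6
        # Gateway B, 10.0.0.0/24 side
        right=10.0.0.9
        # Assumption: place here the same authentication lines (authby=,
        # keys or secrets reference) that the working tunnel already uses.

# Subnet-to-Subnet: Foo's LAN <-> Bar's LAN (the case that already works)
conn net-to-net
        also=a-b-common
        leftsubnet=192.168.1.0/24
        rightsubnet=192.168.2.0/24
        auto=start

# Subnet-to-Host: Foo's LAN <-> Gateway B itself
conn net-to-host
        also=a-b-common
        leftsubnet=192.168.1.0/24
        auto=start

# Host-to-Subnet: Gateway A itself <-> Bar's LAN.
# Covers Gateway A reaching 192.168.2.1 and Bar (192.168.2.14), because
# packets originated on Gateway A carry 10.0.0.6 as their source address.
conn host-to-net
        also=a-b-common
        rightsubnet=192.168.2.0/24
        auto=start

# Host-to-Host: Gateway A itself <-> Gateway B itself.
# With no leftsubnet/rightsubnet, each side is just the gateway address.
conn host-to-host
        also=a-b-common
        auto=start
```

The same four conns go on both gateways. Once they are up, `ipsec eroute` should list one entry per conn, which is the visibility the reply describes.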