From: "Jason A. Pattie"
Date: Mon, 26 Apr 2004 15:06:44 +0000
Subject: Re: [LARTC] IPSec tunnel problem
Message-Id: <408D2584.5040908@pcxperience.com>
References: <40897577.7050606@janrain.com>
In-Reply-To: <40897577.7050606@janrain.com>
To: lartc@vger.kernel.org

Grant Monroe wrote:
| I am attempting to set up a simple network-to-network IPSec tunnel. The
| tunnel appears to be set up correctly because I can make connections
| between the networks and tcpdump shows esp packets going between the two
| gateways. My problem is that I cannot make connections from one gateway
| to the other through the tunnel. I think that this is a routing issue.
| Here is some more info about my network:
|
|                        192.168.1.1   10.0.0.6             10.0.0.9   192.168.2.1
| 192.168.1.7                  +-----------+                   +-----------+                   192.168.2.14
| +-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| | Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
| +-----+                      +-----------+                   +-----------+                      +-----+
|
| So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
| private interface or Bar.
| Thanks for any help.

No problem. If you are by any chance using FreeS/WAN (or one of its
derivatives) you have to set up 4 tunnel connections: Subnet-to-Subnet,
Subnet-to-Host, Host-to-Subnet, and Host-to-Host. There are e-mails in
the FreeS/WAN archives that show how to set up routes in order to
accomplish the same thing, but I like being able to see the actual
tunnels up and know what connections I've defined. I.e., ipsec eroute
will let you see all 4 tunnels, not just 1 and you have to know that
routes are in place to allow traffic to flow in all 4 directions.

-- 
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc.
(http://www.xperienceinc.com)
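
The four connections described in the reply, written out for the topology in the question. This is an added example, not configuration posted in the thread: the conn names are hypothetical, and authentication settings are assumed to be configured already, as they must be for the working network-to-network tunnel.

```conf
# Added example: FreeS/WAN ipsec.conf fragment, not from the original thread.
# left = Gateway A (10.0.0.6), right = Gateway B (10.0.0.9), per the diagram.
# Conn names are hypothetical. Authentication (authby=, keys/secrets) is
# omitted and assumed to match the existing net-to-net tunnel.

# 1. Subnet-to-Subnet: 192.168.1.0/24 <-> 192.168.2.0/24 (Foo <-> Bar)
conn neta-netb
    left=10.0.0.6
    leftsubnet=192.168.1.0/24
    right=10.0.0.9
    rightsubnet=192.168.2.0/24
    auto=start

# 2. Subnet-to-Host: 192.168.1.0/24 <-> Gateway B itself (10.0.0.9)
conn neta-gwb
    left=10.0.0.6
    leftsubnet=192.168.1.0/24
    right=10.0.0.9
    auto=start

# 3. Host-to-Subnet: Gateway A itself (10.0.0.6) <-> 192.168.2.0/24
#    Covers Gateway A reaching Bar or Gateway B's private interface
#    (192.168.2.1) when its packets leave with source address 10.0.0.6.
conn gwa-netb
    left=10.0.0.6
    right=10.0.0.9
    rightsubnet=192.168.2.0/24
    auto=start

# 4. Host-to-Host: Gateway A <-> Gateway B on their 10.0.0.0/24 addresses
conn gwa-gwb
    left=10.0.0.6
    right=10.0.0.9
    auto=start
```

Because left and right are fixed to the same gateways in every conn, the same four definitions can be used on both Gateway A and Gateway B. Once they are up, `ipsec eroute` is where the reply says all four tunnels become visible.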