Thank you, In the end, most of the problems have been solved using a combination of transport mode rather than tunnel mode of IPsec. The iptables might be a good solution to solve the remaining ones. Thanks for the tip. -----Ursprüngliche Nachricht----- Von: openh323gk-users-admin@lists.sourceforge.net [mailto:openh323gk-users-admin@lists.sourceforge.net] Im Auftrag von melwin@mailbg.com Gesendet: Dienstag, 9. Dezember 2003 07:31 An: openh323gk-users@lists.sourceforge.net Cc: durrey@zeus.nt.op.dlr.de Betreff: Re: Problem using gnugk through an IPSEC tunnel Hi, You are trying to use some complex setup no doubt about it. I'm pretty shure that this cant be done in the standart Gk config - perhaps you should try some iptables magic in order to make things working your way. > Hi everybody, > > I have been using gnugk for some time now to transfer some H323 traffic > between two gatekeepers (coming from a GSM gateway on one side and going > to an ISDN gateway on the other side). The IP architecture is as > follows: > > 192.168.0.5 GSM Gateway > | > | Ethernet link > | > 192.168.0.1 (subnet 192.168.0.0) > Gatekeeper 1 > 192.168.3.1 > | > | ISDN Link > | > 192.168.3.2 > Gatekeeper 2 > ISDN gateway on same machine (with public IP address a.b.c.d) > > And everything has been working fine. > > Now I want to add an IPSEC tunnel on my ISDN link between 192.168.3.1 > and 192.168.3.2. The problem is that both gatekeepers (in routed & proxy > mode) send packets to each other with their IP address on the ISDN line > (3.1 and 3.2 respectively). The result is that these packets cannot go > through the IPSEC tunnel (looking only at the subnets 192.168.0.0 and > a.b.c.0) and they usually get blocked preventing the communication. > > My question is therefore: How can I force the the gatekeepers to > communicate to each other as though they were 192.168.0.1 and a.b.c.d > respectively. > I have tried using: > 192.168.0.1=Gatekeeper1;1 > and > a.b.c.d=Gatekeeper2;0 > in the [RasSrv::PermanentEndpoints] of the config files but it doesn´t > work > (surprisingly, the packets are sent from a.b.c.d to 192.168.3.1) > > I cannot use the work-around solution usually recommended when using > IPSEC: using 2 other machines/routers to serve as gateways, because I am > limited in weight and volume for my application. > So if anybody has any experience using gnugk with IPSEC tunnels and/or > knows how to force these addresses, help will be greatly appreciated. > > Thanks ! > > Florent Durrey > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > List: Openh323gk-users@lists.sourceforge.net > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id?49 > Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id?49 Homepage: http://www.gnugk.org/
