Grant Monroe wrote:
| I am attempting to set up a simple network-to-network IPSec tunnel. The
| tunnel appears to be set up correctly because I can make connections
| between the networks and tcpdump shows esp packets going between the two
| gateways. My problem is that I cannot make connections from one gateway
| to the other through the tunnel. I think that this is a routing issue.
| Here is some more info about my network:
|
|                       192.168.1.1       10.0.0.6       10.0.0.9       192.168.2.1
| 192.168.1.7                  +-----------+                   +-----------+                      192.168.2.14
| +-----+                      |  Gateway  |                   |  Gateway  |                      +-----+
| | Foo | -- 192.168.1.0/24 -- |     A     | -- 10.0.0.0/24 -- |     B     | -- 192.168.2.0/24 -- | Bar |
| +-----+                      +-----------+                   +-----------+                      +-----+
|
| So, for example, Foo can ping Bar, but Gateway A can't ping Gateway B's
| private interface or Bar.
| Thanks for any help.
No problem. If you are by any chance using FreeS/WAN (or one of its derivatives) you have to set up 4 tunnel connections: Subnet-to-Subnet, Subnet-to-Host, Host-to-Subnet, and Host-to-Host. There are e-mails in the FreeS/WAN archives that show how to set up routes in order to accomplish the same thing, but I like being able to see the actual tunnels up and know what connections I've defined. I.e., ipsec eroute will let you see all 4 tunnels, not just 1 and you have to know that routes are in place to allow traffic to flow in all 4 directions.
--
Jason A. Pattie pattieja@xxxxxxxxxxxxxxxx
Xperience, Inc. (http://www.xperienceinc.com)
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
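
Added example, not part of the original thread: the four connections the reply describes, written as a FreeS/WAN-style ipsec.conf fragment for the addresses in the quoted diagram. The conn names are made up, and authentication settings are not on the page, so they are left as a comment to carry over from the tunnel that already works. A gateway's own packets leave with its 10.0.0.x address as source, which is why the subnet-to-subnet connection alone does not cover them.

```conf
# /etc/ipsec.conf fragment (FreeS/WAN-style syntax), same on both gateways.
# Addresses come from the diagram in the quoted message.
# Conn names are hypothetical.
# Authentication (authby=, leftrsasigkey=, rightrsasigkey=, ...) is not shown
# on the page: reuse the settings of the existing, working tunnel.

conn %default
    # Gateway A, 10.0.0.0/24 side
    left=10.0.0.6
    # Gateway B, 10.0.0.0/24 side
    right=10.0.0.9

# Subnet-to-Subnet: Foo's network <-> Bar's network (already working)
conn a-net--b-net
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.2.0/24
    auto=start

# Subnet-to-Host: Foo's network <-> Gateway B itself
conn a-net--b-host
    leftsubnet=192.168.1.0/24
    auto=start

# Host-to-Subnet: Gateway A itself <-> Bar's network
# (covers Gateway A reaching Bar and Gateway B's 192.168.2.1 interface)
conn a-host--b-net
    rightsubnet=192.168.2.0/24
    auto=start

# Host-to-Host: Gateway A itself <-> Gateway B itself
conn a-host--b-host
    auto=start
```

With all four connections up, ipsec eroute on either gateway should list four entries, one per connection, as the reply describes.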