Alexander Kotelnikov wrote:
Ok, I would not ask all this if I had no problem with
tunnelling. With configuration like described above, where multihomed
machines have ip-addresses (192.168.1.1, 10.1.0.1) and (192.168.2.1,
10.2.0.1) tunneling works for all machines, but these two
routers. This happens because if we send a packet from 10.1.0.1 into
192.168.2/24 this packet does not come to ipsec, but is pushed to
default gateway, if it exists. In other words, locally generated packets
do not come through prerouting or something.

You have to add a route on 10.1.0.1 to make sure packets which belong to
192.168.2.0/24 have a src address of 192.168.1.1. Then the packet should go
through the ipsec tunnel. A similar route in the other direction has to be
used on 10.2.0.1.

Cheers,
Andreas
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
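
Added example, not part of the original thread: a small Python model of the first gateway showing why its own packets miss the tunnel policy and how a route with a preferred source fixes that. The interface names `eth0`/`eth1`, the host addresses used as sample traffic, and the simplification of Linux source selection to "preferred source of the route, else address of the outgoing interface" are assumptions.

```python
import ipaddress as ip

# Constructed model of the gateway holding 192.168.1.1 and 10.1.0.1.
ADDRS = {"eth0": "192.168.1.1", "eth1": "10.1.0.1"}  # interface names assumed
# IPsec policy selector: only LAN-to-LAN traffic is tunneled.
POLICY = (ip.ip_network("192.168.1.0/24"), ip.ip_network("192.168.2.0/24"))

# Routes as (prefix, outgoing device, preferred source or None).
BEFORE = [("192.168.1.0/24", "eth0", None), ("0.0.0.0/0", "eth1", None)]
# Models a route such as: ip route add 192.168.2.0/24 dev eth1 src 192.168.1.1
AFTER = BEFORE + [("192.168.2.0/24", "eth1", "192.168.1.1")]

def lookup(routes, dst):
    """Longest-prefix match over the route list."""
    dst = ip.ip_address(dst)
    hits = [r for r in routes if dst in ip.ip_network(r[0])]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen)

def local_source(routes, dst):
    """Source address of a locally generated packet on an unbound socket."""
    _, dev, prefsrc = lookup(routes, dst)
    return prefsrc or ADDRS[dev]

def tunneled(src, dst):
    """True when (src, dst) matches the IPsec policy selector."""
    return ip.ip_address(src) in POLICY[0] and ip.ip_address(dst) in POLICY[1]

def verdict(routes, dst, forwarded_src=None):
    """Return (source address, path) for a forwarded or locally generated packet."""
    src = forwarded_src or local_source(routes, dst)
    path = "ipsec tunnel" if tunneled(src, dst) else "cleartext via default gateway"
    return src, path

if __name__ == "__main__":
    dst = "192.168.2.5"  # constructed host behind the remote gateway
    print("LAN host, forwarded :", verdict(BEFORE, dst, "192.168.1.10"))
    print("gateway, no src hint:", verdict(BEFORE, dst))
    print("gateway, src route  :", verdict(AFTER, dst))
```
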