I have the following scenario: two subnets, two IPsec VPN servers using Openswan.

VPN server 1: 192.168.10.1, 10.10.1.1
VPN server 2: 192.168.30.1, 10.30.1.1

I can ping 192.168.10.1 -> 30.1, but cannot ping 10.10.1.1 -> 10.30/16, but can ping from 10.30.1.10 (any system not the VPN box) to 10.10.1.1.

Is this how the SA dictates the VPN, or is it a routing thing? I noticed that if I ping from 10.10.1.1 to a 10.30/16 address, the packets are sent over the ipsecX but with 192.168.10.1 as the source address. Should I see this? I thought the SA would only tunnel 10.10/16 <-> 10.30/16 traffic. Is there a way I can allow the VPN systems to use their internal source address?

Thx
jason

conn S1toS16
    left=192.168.10.1
    leftnexthop=192.168.10.254
    leftsubnet=10.10.0.0/16
    right=192.168.30.1
    rightnexthop=192.168.30.254
    rightsubnet=10.30.0.0/16
    auto=start