
Re: [Users] private ip -> ipsec conn -> ipsec(freeswan) & nat -> internet

From: Teemu Torma (teemu_at_torma.org)
Date: Mon May 06 2002 - 21:41:42 CEST


On Monday 06 May 2002 21:24, Teemu Torma wrote:
> On Monday 06 May 2002 18:58, ipsec_at_timehost.net wrote:
> > I'm running ipsec connections from machine to machine (xp to xp & xp to
> > linux) within my private network. This works fine, but now I want the
> > machines to connect to the internet using nat on a gateway machine. The
> > packets seem to get out to the internet, however when they return to the
> > gateway, they do not return to the originating host.
>
> I did set up a similar thing a couple of months ago and had a similar problem.
> If I remember correctly, the trouble was a missing routing entry in the
> gateway machine to the machine behind the firewall, causing the returning
> packets not to be routed through the ipsec tunnel.
>
> I can't remember exactly what the non-working configuration was, but at
> least a specific connection for the private ip works in the gateway.

I hate replying to my own mails, but I suddenly remembered the problem.

If you have only a host to host tunnel between the private ip and the gateway,
the packets going from the private ip to the internet will go through the
normal network interface, but the return packets are routed through ipsec
since the gateway has a routing entry for the private ip machine.

The solution (all freeswan machines) was to have one host to gateway
connection and one host to world connection through the gateway.

A private freeswan host needs something like:

conn to-gateway
        left=%defaultroute
        right=<gateway private ip>

conn to-gateway-net
        left=%defaultroute
        right=<gateway private ip>
        rightsubnet=0.0.0.0/0

Teemu

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
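To illustrate the asymmetry Teemu describes, here is an added Python model (not FreeS/WAN code and not from the original thread): each conn is treated as the eroute it installs, packets are routed by longest prefix, and it assumes, as the old KLIPS stack did, that a packet routed to ipsec0 with no matching eroute is dropped. All addresses are constructed.

```python
import ipaddress

# Constructed addresses for this example (not taken from the mail).
HOST = "10.0.0.5"        # private FreeS/WAN host behind the gateway
GW = "10.0.0.1"          # gateway's private address
SERVER = "203.0.113.7"   # some host on the Internet
ANY = "0.0.0.0/0"

def conn(left, right, leftsubnet=None, rightsubnet=None):
    """A FreeS/WAN conn seen from 'left': tunnel traffic from leftsubnet
    to rightsubnet via peer 'right'. No *subnet means the endpoint itself."""
    return {"local": ipaddress.ip_network(leftsubnet or f"{left}/32"),
            "remote": ipaddress.ip_network(rightsubnet or f"{right}/32"),
            "peer": right}

def classify(src, dst, eroutes, routes):
    """Modelled KLIPS behaviour (assumption of this example): a packet that
    matches an eroute is tunnelled; otherwise it follows the routing table,
    and if that table points it at ipsec0 with no eroute, it is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for er in eroutes:
        if s in er["local"] and d in er["remote"]:
            return f"tunnel to {er['peer']}"
    # longest-prefix lookup over (network, interface) routes
    _, iface = max(((ipaddress.ip_network(n), i) for n, i in routes
                    if d in ipaddress.ip_network(n)),
                   key=lambda t: t[0].prefixlen)
    if iface.startswith("ipsec"):
        return f"DROP: routed to {iface} but no eroute matches"
    return f"clear via {iface}"

def simulate(with_net_conn):
    """Outbound packet on the host, return packet forwarded by the gateway."""
    host_conns = [conn(HOST, GW)]                 # conn to-gateway
    gw_conns = [conn(GW, HOST)]                   # gateway's mirror image
    if with_net_conn:
        host_conns.append(conn(HOST, GW, rightsubnet=ANY))  # conn to-gateway-net
        gw_conns.append(conn(GW, HOST, leftsubnet=ANY))     # gateway's mirror image
    # The tunnel installs a more specific route to the peer via ipsec0.
    host_routes = [(ANY, "eth0"), (f"{GW}/32", "ipsec0")]
    gw_routes = [(ANY, "eth0"), ("10.0.0.0/24", "eth1"), (f"{HOST}/32", "ipsec0")]
    return {"out": classify(HOST, SERVER, host_conns, host_routes),
            "back": classify(SERVER, HOST, gw_conns, gw_routes)}

if __name__ == "__main__":
    print("host-to-host only:", simulate(False))
    print("with to-gateway-net:", simulate(True))
```

With only the host-to-host conn the outbound packet leaves in the clear while the gateway drops the reply at ipsec0; adding the 0.0.0.0/0 conn makes both directions use the tunnel.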



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST