
Re: [Users] Problems with multiple tunnels

From: Sam Sgro (sam_at_freeswan.org)
Date: Mon May 13 2002 - 23:31:42 CEST



> I have the following setup...
>
>snip<
>
> I have 2 VPNs set up one which goes 10.1.10.0/24 <-> 10.0.0.0/8 to connect the branch office to the main office, and one which goes $subnet <-> 10.1.10.139/32 to connect the wireless client to the rest of the corporate LAN.
>
> If I set $subnet to 10.1.10.0/24 then I can see the branch office clean LAN from the wireless client as you might expect, and can successfully ping 10.1.10.1

Your use of "$subnet" is confusing here, and I'm not precisely sure what
you're referring to; perhaps you could supplement this by posting ipsec.conf,
so we can get a better idea of your tunnel structure.

However, if you've got a VPN tunnel on the freeswan box to subnet 10.0.0.0/8,
then it looks as if the problem is that FreeS/WAN believes packets
destined for 10.1.10.139 should travel down that tunnel, as that subnet
encompasses the packet's destination. The basic problem is that
subnets that are VPN'd together should not overlap, or at least not appear
to - it causes strange routing issues (like the one you are experiencing).

Does the head office use the 10.1.10 subnet? My guess would be probably not,
as you've not mentioned any problems the clean LAN has communicating with
head office. Is there a better way to describe the head office LAN's network setup
to avoid this confusion (perhaps resorting to multiple tunnels if need be)?

Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST
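
The overlap described in the reply above can be checked mechanically before tunnels are brought up. The following is an added example, not part of the original message or of FreeS/WAN: the tunnel names are hypothetical, and `$subnet` is assumed to be 10.1.10.0/24, the value the original poster tried.

```python
import ipaddress
from itertools import combinations

# Constructed from the thread. Each entry is (local subnet, remote subnet) as
# seen from the FreeS/WAN box; names are hypothetical, $subnet = 10.1.10.0/24.
TUNNELS = {
    "branch-to-head": ("10.1.10.0/24", "10.0.0.0/8"),
    "wireless-client": ("10.1.10.0/24", "10.1.10.139/32"),
}

def parse(tunnels):
    """Convert the CIDR strings into ipaddress network objects."""
    return {name: (ipaddress.ip_network(local), ipaddress.ip_network(remote))
            for name, (local, remote) in tunnels.items()}

def find_overlaps(tunnels):
    """Return findings as (kind, tunnel_a, tunnel_b, net_a, net_b)."""
    nets = parse(tunnels)
    findings = []
    # A tunnel whose two ends share address space is ambiguous on its own.
    for name, (local, remote) in nets.items():
        if local.overlaps(remote):
            findings.append(("local-remote", name, name, str(local), str(remote)))
    # Two tunnels whose remote subnets overlap compete for the same packets.
    for (a, (_, ra)), (b, (_, rb)) in combinations(nets.items(), 2):
        if ra.overlaps(rb):
            findings.append(("remote-remote", a, b, str(ra), str(rb)))
    return findings

def candidate_tunnels(tunnels, dest):
    """Tunnels whose remote subnet contains dest; more than one is ambiguous."""
    addr = ipaddress.ip_address(dest)
    return sorted(name for name, (_, remote) in parse(tunnels).items()
                  if addr in remote)

if __name__ == "__main__":
    for finding in find_overlaps(TUNNELS):
        print(finding)
    print("10.1.10.139 matches:", candidate_tunnels(TUNNELS, "10.1.10.139"))
```

Any finding means the subnet definitions should be narrowed or split into several non-overlapping tunnels, as the reply suggests.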