[Users] client <ipsec> gateway <ipsec> (over internet) <ipsec> gateway

From: ipsec_at_empireenterprises.com
Date: Tue Jun 11 2002 - 23:54:36 CEST


I've got a doozy for y'all.

I have a Network (B) that connects to Network A using freeswan.
Network A serves as a tunnel hub to Network C, D, E, and so on.

Diagram:
Network B        <-- ipsec -->  Network A        <-- ipsec -->  Network C (or D or E; whatever)
(10.10.19.0/24)                 (10.10.10.0/24)                 (10.10.11.0/24)
(D is 10.10.12.0/24, E is 10.10.13.0/24)

This works great.
Now, I've added some wireless connections in Network B that I want to
connect using ipsec.
This works also.

The problem is that the two configurations do not work together.

Network B knows to connect to Network C because it uses the /16 of
10.10.0.0, using the "Tunnel hub" configuration.
However, I suspect that because of this, it thinks that traffic that is
supposed to go to 10.10.19.0 should go to Network A, instead of staying
local within Network B.

I've attempted to use the iproute2 package to specify traffic destinations,
but I can't find a solution, especially given that I don't know at what
point freeswan interrupts routing.

Freeswan conf defs are included below.
Any insights, no matter how seemingly irrelevant, would be appreciated.

-g
~~If you're too open minded, your brains will fall out.

----------------------------------------------------------------------

Network B (and C, for that matter, except for some ip changes) conf:

conn netB_netA
        left=55.55.55.55
        leftnexthop=55.55.55.56
        leftsubnet=10.10.0.0/16
        right=11.11.11.11
        rightnexthop=11.11.11.12
        rightsubnet=10.10.19.0/24
        keyingtries=0
        auto=start
        authby=rsasig
        leftrsasigkey=0xasdf1
        rightrsasigkey=0xasdf2

Network A conf:

conn netB_netA
        left=55.55.55.55
        leftnexthop=55.55.55.56
        leftsubnet=10.10.0.0/16
        right=11.11.11.11
        rightnexthop=11.11.11.12
        rightsubnet=10.10.19.0/24
        keyingtries=0
        auto=start
        authby=rsasig
        leftrsasigkey=0xasdf1
        rightrsasigkey=0xasdf2

Network B Local Network conf:

conn netB_local
        authby=secret
        left=10.10.19.1
        leftsubnet=0.0.0.0/0
        right=%any
        auto=add
        keyingtries=1
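
Added example, not part of the original post: a small Python check of the overlap the post suspects, run over a constructed copy of the posted conn sections reduced to their address fields. The function names and the wireless client address 10.10.19.50 are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the conn sections from the post, cut down to the
# fields that decide which addresses each tunnel claims.
SAMPLE_CONF = """\
conn netB_netA
        left=55.55.55.55
        leftsubnet=10.10.0.0/16
        right=11.11.11.11
        rightsubnet=10.10.19.0/24

conn netB_local
        left=10.10.19.1
        leftsubnet=0.0.0.0/0
        right=%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif current is not None and line[:1].isspace() and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def side_net(conn, side):
    """Network behind one side: its subnet, or the host itself if none is set."""
    value = conn.get(side + "subnet") or conn.get(side)
    try:
        return ipaddress.ip_network(value, strict=False)
    except (TypeError, ValueError):
        return None       # e.g. right=%any: unknown until a peer connects

def self_overlaps(conns):
    """Conns whose left and right networks share addresses."""
    hits = []
    for name, conn in conns.items():
        l, r = side_net(conn, "left"), side_net(conn, "right")
        if l is not None and r is not None and l.overlaps(r):
            hits.append((name, str(l), str(r)))
    return hits

def covering(conns, addr):
    """(conn, side, network) for every configured network that contains addr."""
    ip = ipaddress.ip_address(addr)
    return [(n, s, str(net)) for n, c in conns.items() for s in ("left", "right")
            if (net := side_net(c, s)) is not None and ip in net]
```

On the posted values, self_overlaps() reports netB_netA (10.10.0.0/16 against 10.10.19.0/24), and covering() for 10.10.19.50 lists both sides of netB_netA plus the left side of netB_local.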

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST