On Tue, Jun 25, 2002 at 12:18:40PM +0200, Norbert Langermann was heard to remark:
>
> Hi all,
>
> first, thank you for the help, I finally managed to get a secure connection to
> work. Now I have another problem: I have two road warriors with subnets
> behind them and want to route between the subnets:
>
> [norbert]
> (192.168.0.0/24)-----eth0(192.168.0.1 / dynIP0)ppp0/ipsec0
> ||
> ||
> [server](se.r.v.er)eth0/ipsec0
> ||
> ||
> (192.168.1.0/24)-----eth0(192.168.1.1 / dynIP1)ppp0/ipsec0
> [malte]
>
> The connections from the routers to the server work (dynIPx to se.r.v.er), as
> well as the connections from the subnets to the server. Even the pings from
> se.r.v.er to 192.168.x.1 work.

Once you've built the tunnels, you have a 'standard' LAN network, and the
usual routing rules & concerns apply.

You can build static routes: on the server, type:

    route add -net 192.168.1.0/24 gw 192.168.1.1 dev ipsec0
    route add -net 192.168.0.0/24 gw 192.168.0.1 dev ipsec0

That should solve the problem.

If you have lots of subnets, and want to overkill, you can start running
a real router (to handle the routes dynamically if/when the various subnets
come up and go down).
--linas
--
pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933