Re: [Users] need help with ip forwarding

From: Sam Sgro (sam_at_freeswan.org)
Date: Tue Jul 30 2002 - 17:36:13 CEST

• Next message: Revista Viver Psicologia: "*****SPAM***** [Users] Para o educador a psicologia é muito mais que uma ferramenta de trabalho"
• Previous message: csattlers: "[Users] (no subject)"
• In reply to: David Monk: "[Users] need help with ip forwarding"
• Next in thread: David Monk: "Re: [Users] need help with ip forwarding"
• Reply: David Monk: "Re: [Users] need help with ip forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 31 Jul 2002, David Monk wrote:

> >From the reading and searching I have done, I appearently have a fairly
> unique setup. I am using Freeswan connecting from home to my corporate LAN,
> to a Cisco 3660. Normal host to LAN tunnel works perfectly so far. I want to
> expand my setup to allow more than one system at my home to come across the
> tunnel. All my systems, including the one creating the tunnel are behind a
> NAT firewall.
> Here's the setup, basically:
>
> corp wan ----- internet ------- NAT router -- gateway system
>
> My ipsec.conf in normal configuration for the one client works fine, with:
>
> conn corp
> type=tunnel
> left=%defaultroute
> right=xxx.xxx.xxx.xxx
> rightsubnet=yyy.yyy.yyy.0/24
> keyexchange=ike
> auth=esp
> authby=secret
> lifetime=8h
> keylife=1h
> pfs=no
> spi=0x500
> esp=3des-md5-96
> auto=start
>
> I tried just adding, leftsubnet=zzz.zzz.zzz.0/24 to the above to get my home
> net routing through the gateway system. ip forwarding is enabled. When I do
> this, the subnet can route back and forth, but the gateway system cannot.
> With the leftsubnet directive removed, and nothing else changed, the gateway
> system can route back and forth fine.
> Any help in making this work would be greatly appreciated.

You need to create two tunnels in this instance; one with just the "right"
parameter, and the second with "right" and "rightsubnet". You should be able
to communicate with both the gateway and the subnet behind it.

See doc/adv_config.html#multitunnel for more information.

Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPUayb0OSC4btEQUtAQFLSAQAkeAR8SmtwbReJRz5f6ZLNaOfXvkcCeoN
Rxhs+NjlAkzq/cTqAbOejlbubpvmE+ptnoj52DXz0fyDVD4moR01jW4wZaaydEg0
69blDacOyKjrqE2wS2ktYXyCgjDw3N4AT5F3H2/BqVZvkSt4Xq/0Tvras0Ib/lT/
x7zi05q709U=
=ZNMK
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Revista Viver Psicologia: "*****SPAM***** [Users] Para o educador a psicologia é muito mais que uma ferramenta de trabalho"
• Previous message: csattlers: "[Users] (no subject)"
• In reply to: David Monk: "[Users] need help with ip forwarding"
• Next in thread: David Monk: "Re: [Users] need help with ip forwarding"
• Reply: David Monk: "Re: [Users] need help with ip forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:35 CEST