From: ipseclist_at_warpenguin.com
Date: Sat Aug 31 2002 - 04:47:48 CEST
I'm trying to secure a wireless connection with freeswan. My setup is as
follows:
router:
    10.0.0.1 interface (insecure network, masq allowed from 10.0.0.x hosts to internet, shaped)
    10.0.1.1 interface (same physical network as above, no masq allowed, ipsec ports allowed)
    192.168.2.1 interface (private network, masq allowed to internet, 10 nets)
    external ip interface.
Basically you throw in your wireless card and get a 10.0.0.x dhcp address
and you can access the internet at a regulated rate. If you change your
address to 10.0.1.x, you can ipsec into 10.0.1.1, and you have access to
the internet at unregulated speed and *should* have access to the 192 net.
The internet stuff works great, but the 192 stuff is giving me issues. I
can ping 192.168.2.3 from 10.0.1.2 via the ipsec interface and I get
responses. If I try to ping 10.0.1.2 from the 192.168.2.3, I get no ping
replies.
A dump of the network shows that the pings are hitting the 10.0.1.2
machine, but the machine is sending the replies out unencrypted to the
router and so they don't get back to the machine.
Here's my ipsec.conf from the 10.0.1.2 machine (similar on router):
conn intranet
    left=%defaultroute
    leftsubnet=
    leftnexthop=
    right=10.0.1.1
    rightsubnet=192.168.2.0/24
    rightnexthop=
    auto=add
    authby=rsasig
    leftid=<id>
    rightid=<id>
    leftrsasigkey=<key>
    rightrsasigkey=<key>
Anyone have any ideas?
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users