Re: [Users] ping remote subnet

From: Sam Sgro (sam_at_freeswan.org)
Date: Tue Dec 24 2002 - 19:08:44 CET


On Tue, 24 Dec 2002, Drew McBee wrote:

> The Freeswan machine has one nic. IP# 1.2.3.30 and an alias of 192.168.1.31.
> The netopia has an internal ip# of 192.168.2.1 and external of 4.5.6.1
> The Freeswan machine is behind a firewall with a public ip# 1.2.3.1 and an
> internal alias of 192.168.1.1.
> All vpn protocols and ports are open on the firewall ( 50,51 & port 500 )
> I cannot ping the 192.168.2.0 network from the freeswan machine.

('tis the holidays - quick response, more detailed later if this doesn't fix
it.)

Without an exhaustive read, do you realize that authorizing "net-to-net"
traffic does not explicitly permit "host-to-net" communication? In short, the
FreeS/WAN server will not be authorized to send packets to the Netopia's
subnet. The only traffic permitted will be from machines on the 192.168.1.0/24
subnet to the 192.168.2.0/24 subnet.

Read this:

http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/adv_config.html#multitunnel

- --
Sam Sgro
sam_at_freeswan.org


_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
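
Added example, not part of the original message or of the FreeS/WAN documentation: a sketch of the two ipsec.conf connection descriptions the reply implies, built from the addresses in the quoted post. The conn names, the leftnexthop value and auto=start are assumptions; authentication settings are left out and would be the same as on the existing tunnel.

```conf
# Constructed example for /etc/ipsec.conf on the FreeS/WAN machine.
# Addresses come from the quoted post; everything else is an assumption.

# Existing tunnel: covers only 192.168.1.0/24 <-> 192.168.2.0/24.
# A ping sent by the gateway itself from 1.2.3.30 does not match this policy.
conn net-to-net
    left=1.2.3.30
    leftsubnet=192.168.1.0/24
    leftnexthop=1.2.3.1          # assumed: the firewall is the next hop
    right=4.5.6.1
    rightsubnet=192.168.2.0/24
    auto=start
    # authentication settings as already configured for this tunnel

# Additional tunnel: the gateway itself <-> 192.168.2.0/24.
# With leftsubnet omitted, the left side of the policy is the host 1.2.3.30 only.
conn host-to-net
    left=1.2.3.30
    leftnexthop=1.2.3.1          # assumed, as above
    right=4.5.6.1
    rightsubnet=192.168.2.0/24
    auto=start
    # same authentication settings as net-to-net
```

The Netopia needs a matching second policy (1.2.3.30/32 to 192.168.2.0/24), since both ends must agree on the traffic each tunnel carries.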



This archive was generated by hypermail 2.1.5 : Wed Dec 25 2002 - 05:21:09 CET