RE: [Users] (no subject)

From: Christopher Barry (cbarry_at_infiniconsys.com)
Date: Tue Jan 14 2003 - 08:21:11 CET


Dig it. OK. The problem I see is in routing on the Linux box. You want
to come into it (through the tunnel) and go back out (to the Internet)
through the same physical interface. There may be some routing
mumbo-jumbo that can occur here - possibly with lo - but I'm out of my
depth on this one. Somehow, packets coming in through its ipsec0 have to
then be forwarded out eth0. Hmmm, stream of consciousness here, can you
get two real IPs for this box on different nets, and set up the Linux box
to behave as a router or bridge? Set up ipsec0 to listen on one, and eth0
to listen on another? That *may* work...

Ok gurus, you can chime in at any point now...

-C

On Tue, 2003-01-14 at 02:08, AltDNS.net Support wrote:
> I have successfully established the ipsec link and can ping from any
> OfficeNet machine to the linux gateway. Trying to ping anything beyond
> the Linux box fails. Also pinging any OfficeNET IP from the general
> Internet also fails. Your interpretation of my desires is correct.
>
> P.S. - The reason why I added the no ridicule part is because I have
> posted this question many places and most people simply just say I am
> stupid for even trying. If all we wanted was easy and no challenge then
> why would we not all just use Microsloft OS's.
>
>
>
>
> -----Original Message-----
> From: Christopher Barry [mailto:cbarry_at_infiniconsys.com]
> Sent: Tuesday, January 14, 2003 12:05 AM
> To: AltDNS.net Support
> Cc: users_at_lists.freeswan.org
> Subject: Re: [Users] (no subject)
>
> OK. I'll just ridicule your ASCII art then, and well, your grammar could
> use a bit of cleaning up as well. :^}
>
> Correct me if I've misinterpreted: You want all traffic from OfficeNet
> tunneled to the Linux network - with a *single NIC* - and all traffic
> back to - or even straight to OfficeNet from the Internet - to come from
> the Linux box back through the tunnel to OfficeNet.
>
> Q: Do you have a tunnel setup from .41 to the linux host already? Have
> you tried setting the default route of your OfficeNet boxen to the IP
> you've given to your ipsec0 interface? I believe it must be different
> than .41, and I'm seriously wondering about the single NIC in the Linux
> host.
>
> Good Luck,
>
> -C
>
> On Sun, 2003-01-12 at 09:34, AltDNS.net Support wrote:
> > I am trying to do a fairly unusual IPsec tunnel (or at least it must be
> > because I can't find any example even closely similar) using FreeS/WAN
> > 1.99 and a Cisco 3620 router. An illustration is as follows:
> >
> >
> > ----------------                                                -------------------------
> > | OfficeNET    |  --------------------------------              | Linux FreeS/WAN box   |
> > | 10.69.141.41 |  | Cisco 3620                   |              |                       |
> > |              |--| Internal 10.69.141.40        |-- Internet --| 10.69.140.62/23       |
> > | 10.69.141.59 |  | External Some Other PublicIP |              |One Nic Card in Machine|-- Internet
> > ----------------  --------------------------------              -------------------------
> >
> >
> > Please note that the 10.69.XXX addresses were modified for this example.
> > They are publicly routable IP addresses in real life but for security
> > reasons I changed them to be 10.XXXXXX addresses. Essentially what I want
> > is to have the IP's on the OfficeNET travel over the tunnel to the
> > Linux FreeS/WAN box and then from there access the Internet at large. I
> > also want incoming IP traffic to the OfficeNET IP's to travel over the
> > tunnel to the respective machine. Please note I can not change the IP
> > addresses used and neither can I modify anything related to the network
> > / routing on the far right side beyond the Linux box. The reason behind
> > this network setup won't make sense to most, but please just help figure
> > out how to do it instead of ridiculing the setup.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
>
>
>
>
>




This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:39 CET