
Re: vpn problem..




Mike Mestnik wrote:

> conn rnet-lnet
>    left=1.2.3.4
>    leftsubnet=172.27.27.0/24
>    leftnexthop=1.2.3.1
>    right=9.8.7.6
>    rightsubnet=192.168.1.0/24
>    authby=secret
>    auto=start
> 
> Yes, this works.
> 
> 
> conn rnet-lserver
>    left=1.2.3.4
>    leftnexthop=1.2.3.1
>    right=9.8.7.6
>    rightsubnet=192.168.1.0/24
>    authby=secret
>    auto=start
> 
>> Instead...
>> route add 9.8.7.6 192.168.1.X
>> This route will use the rnet-lnet VPN to access the 1.2 address of
>> the(any) router on that net, should be added on the 1.2.3.4 host.  From
>> there the pkts will be sent *directly* to the correct computer.

I'm very used to the freeswan KLIPS module with ipsecX virtual
interfaces where our suggestion would *not* work. Not used to the new
v2.6 ipsec stack yet, which I guess you are referring to. I think
iproute2 could do it with klips, but I just found it easier to build a
tunnel and let freeswan do its work. As with anything, there's more
than one way to do it. :)

And for the record, all of my above configs work. They are routing ~50
tunnels between a dozen nets right now.

--

/phil




