Re: FreeSWAN VPN

To: Jeff Waugh <jdub@perkypants.org>
Cc: Maurice Verhagen <maurice@verhagen.org>, debian-isp@lists.debian.org
Subject: Re: FreeSWAN VPN
From: John Ferlito <johnf@inodes.org>
Date: Sun, 15 Jul 2001 16:37:47 +1000
Message-id: <[🔎] 20010715163747.F23140@inodes.org>
In-reply-to: <[🔎] 20010715014657.A435@aphid.net>

On Sun, Jul 15, 2001 at 01:46:58AM +1000, Jeff Waugh wrote:
> <quote who="Maurice Verhagen">
> 
> > The gateways can't ping eachother
> 
> Please read the documentation -> the gateways will *not* be able to ping
> each other. FreeS/WAN only routes the traffic to and from each subnet behind
> the gateway.

Actually the gateways can ping each other if you add something like this
to your ipsec.conf

conn leftgw-rightgw
        left=61.8.3.162
        leftnexthop=%defaultroute
        right=216.14.192.194
        rightnexthop=%defaultroute
        auto=start
        also=keys

Basically to have all machines on both sides being able to talk to each
othe you need 4 connections
leftgw<->leftgw
leftgw<->leftsub
leftsub<->leftgw
leftsub<->leftsub

-- 
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/

Reply to:

References:
- Re: FreeSWAN VPN
  - From: Jeff Waugh <jdub@perkypants.org>

Prev by Date: Re: Active Directory Vs GNU
Next by Date: Re: Virtual Hosting and the FHS
Previous by thread: Re: FreeSWAN VPN
Next by thread: Active Directory Vs GNU
Index(es):
- Date
- Thread