Curtis Vaughan wrote:
It still seems to me that something is wrong. I think there is a problem as far as the following is concerned.

Jamin W. Collins wrote:

On Fri, 05 Jul 2002 11:20:44 -0700 Curtis Vaughan <curtis@npc-usa.com> wrote:

I have tons of literature concerning the Subject of this letter, as well as some responses from people on this list, and I have come to the conclusion that I am totally confused.

(snip)

conn NPC-USA
    # Left security gateway, subnet behind it, next hop toward right.
    left=10.0.1.10

The above should be the external IP of this side. In this case: 64.7.20.137

    leftsubnet=10.0.1.0/24
    leftnexthop=64.7.20.137

The above should be the IP of the first system a packet from 64.7.20.137 would have to pass through to reach the other side of the tunnel.

So, are these the DNS servers of my ISP? Or how do I determine what the IP is of the "first system"?

    # Right security gateway, subnet behind it, next hop toward left.
    right=10.0.0.1
    rightsubnet=10.0.0.0/24
    rightnexthop=202.107.20.30

The same changes should be made to the above settings.

Let's go back to my left network. The VPN host is behind a firewall, where NAT is also performed. Therefore, the VPN host does not have what I'll call a true public IP address. As far as it knows, its address is merely 10.0.1.10.

So, when I restart the network, eth0 is 10.0.1.10 and ipsec0 is 10.0.1.10. Isn't this a conflict of sorts? Whereas on the right network, ppp0 is 202.107.20.30 and ipsec0 is 202.107.20.30.

Curtis
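
The advice in the reply quoted above, written as a small check over the conn section. This is an added example, not part of the original message and not FreeS/WAN code; the function names and the two rules are assumptions drawn from that reply, and the sample is the configuration quoted in the message.

```python
import ipaddress

# Constructed sample: the conn section as quoted in the message above.
SAMPLE = """\
conn NPC-USA
    # Left security gateway, subnet behind it, next hop toward right.
    left=10.0.1.10
    leftsubnet=10.0.1.0/24
    leftnexthop=64.7.20.137
    # Right security gateway, subnet behind it, next hop toward left.
    right=10.0.0.1
    rightsubnet=10.0.0.0/24
    rightnexthop=202.107.20.30
"""


def parse_conn(text):
    """Return the key=value settings of one conn section as a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def lint_conn(text):
    """Hypothetical checks based on the reply: gateway = external IP,
    nexthop = the first router beyond that gateway."""
    conn, findings = parse_conn(text), []
    for side in ("left", "right"):
        gateway = conn.get(side)
        if gateway is None:
            continue
        if ipaddress.ip_address(gateway).is_private:
            findings.append(f"{side}={gateway} is a private address, not an external IP")
        if conn.get(side + "nexthop") == gateway:
            findings.append(f"{side}nexthop equals {side}; it should be the next router")
    return findings


if __name__ == "__main__":
    for finding in lint_conn(SAMPLE):
        print(finding)
```
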