Hi everybody,

My situation is just like below:

Subnet A <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> Subnet B

Now I have a Subnet C reachable from Subnet B through a gateway on the same Subnet B.

Subnet A <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <-> Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C

The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?

This is what I tried: I created a new connection in ipsec.conf specifying as leftsubnet just the Subnet C. This way I can ping Subnet C from GATEWAY B but not from Subnet A.. It seems to me that packets are not routed correctly if they came from Subnet A! I already added a route to Subnet C on the GATEWAY B but it seems to work only for packets from the Gateway and not for the forwarded packets from Subnet A..

Just need help..

Thanks.
Fiorangelo

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Hi Fiorangelo,

> Subnet A <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B
> <-> Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C
> The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?
>
> I created a new connection in ipsec.conf specifying as leftsubnet just
> the Subnet C. This way I can ping Subnet C from GATEWAY B but not from
> Subnet A.. It seems to me that packets are not routed correctly if they
> came from Subnet A! I already added a route to Subnet C on the GATEWAY B
> but it seems to work only for packets from the Gateway and not for the
> forwarded packets from Subnet A..

You'll need a new ipsec.conf connection at GATEWAY A and GATEWAY B for Subnet A <-> Subnet C (which I think you did).

Then you need a route ON GATEWAY B TO Subnet C via GATEWAY B1 (which I think you did),
** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

If that doesn't work, you may need to ask the FreeS/WAN guys since it might be an erouting problem on GATEWAY B.

That is assuming there is no NAT or Masquerading occurring anywhere.

Regards,

--
Damion de Soto - Software Engineer
email: damion@snapgear.com
SnapGear - A CyberGuard Company | Custom Embedded Solutions and Security Appliances
ph: +61 7 3435 2809
fax: +61 7 3891 3630
web: http://www.snapgear.com
Free Embedded Linux Distro at http://www.snapgear.org
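
The setup described in the reply above, written out as an added example (not part of the original thread and not the poster's configuration). All addresses and conn names are constructed placeholders: Subnet A = 10.1.0.0/24, Subnet B = 10.2.0.0/24, Subnet C = 10.3.0.0/24, GATEWAY B's address on Subnet B = 10.2.0.1, GATEWAY B1's address on Subnet B = 10.2.0.254. Here "left" is the GATEWAY A side.

```conf
# /etc/ipsec.conf, same conn sections on GATEWAY A and GATEWAY B.
# Constructed addresses: 198.51.100.1 = GATEWAY A, 203.0.113.1 = GATEWAY B.
# Keep the authentication settings of the existing tunnel in both conns.

# Existing tunnel: Subnet A <-> Subnet B
conn a-to-b
    left=198.51.100.1
    leftsubnet=10.1.0.0/24
    right=203.0.113.1
    rightsubnet=10.2.0.0/24
    auto=start

# Additional tunnel: Subnet A <-> Subnet C.
# Same two gateways; only the subnet behind GATEWAY B changes.
conn a-to-c
    left=198.51.100.1
    leftsubnet=10.1.0.0/24
    right=203.0.113.1
    rightsubnet=10.3.0.0/24
    auto=start

# Routing that has to exist next to the tunnels (run as root, shown
# here as comments because they are commands, not ipsec.conf syntax):
#
# On GATEWAY B: reach Subnet C through GATEWAY B1, and forward packets
# that arrive decrypted from the tunnel (assumes forwarding is not
# already enabled):
#   ip route add 10.3.0.0/24 via 10.2.0.254
#   sysctl -w net.ipv4.ip_forward=1
#
# On GATEWAY B1: send replies for Subnet A back through GATEWAY B,
# not through B1's own default route:
#   ip route add 10.1.0.0/24 via 10.2.0.1
#
# No NAT or masquerading rule on GATEWAY B or GATEWAY B1 may rewrite
# traffic between 10.1.0.0/24 and 10.3.0.0/24; the tunnel only matches
# packets whose source and destination are exactly these subnets.
```

A rewritten source address on either hop makes the packet fall outside the a-to-c tunnel's subnet pair, which is why the reply rules out NAT first.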
Hi,

>** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **

I already added this route! GATEWAY B1 can send packets to Subnet A correctly... Seems just that packets outgoing from ipsec interface are not routed anymore towards Subnet C via Gateway B1...

>If that doesn't work, you may need to ask the FreeS/WAN guys since it might
>be an erouting problem on GATEWAY B.

How?

Thanks

>From: Damion de Soto <damion@snapgear.com>
>To: Fiorangelo Peluso <fiorangelo@hotmail.com>
>CC: lartc@mailman.ds9a.nl
>Subject: Re: [LARTC] Forward + Routing
>Date: Fri, 28 Nov 2003 13:45:34 +1000
>
>Hi Fiorangelo,
>
>>Subnet A <-> GATEWAY A ------- VPN with FREE/SWAN --------- GATEWAY B <->
>>Subnet B <-> GATEWAY B1 (physically on Subnet B) <-> Subnet C
>>The question is: HOW DO I MAKE SUBNET C REACHABLE FROM SUBNET A?
>>
>>I created a new connection in ipsec.conf specifying as leftsubnet just the
>>Subnet C. This way I can ping Subnet C from GATEWAY B but not from Subnet
>>A.. It seems to me that packets are not routed correctly if they came from
>>Subnet A! I already added a route to Subnet C on the GATEWAY B but it
>>seems to work only for packets from the Gateway and not for the forwarded
>>packets from Subnet A..
>
>You'll need a new ipsec.conf connection at GATEWAY A and GATEWAY B for
>Subnet A <-> Subnet C, (which I think you did)
>
>Then you need a route ON GATEWAY B TO Subnet C via GATEWAY B1 (which I
>think you did),
>** AND the opposite route back ON GATEWAY B1 TO Subnet A via GATEWAY B **
>
>If that doesn't work, you may need to ask the FreeS/WAN guys since it might
>be an erouting problem on GATEWAY B.
>
>That is assuming there is no NAT or Masquerading occurring anywhere.