Hello,

Looking here

http://www.ipsec-howto.org/x299.html

I've set up a vpn in transport mode with two linux boxes. I'm now trying to set it up in tunnel mode. After using the example keys, trying to ping, it doesn't work because the route network isn't routable.

This mention is in the howto

"If you tunnel is not working, please check your routing. Your hosts need to know that they should send the packets for the opposite network to you vpn gateway. The easiest setup would be using your vpn gateway as default gateway."

But how does one set up a route like that, since the network is multiple hops away, the route command isn't going to accept it?

[root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0 gw 10.33.15.145
SIOCADDRT: Network is unreachable

Some help please.

Mike
--
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein
Hello there,

it does not matter what type of network you are trying to reach, the Network unreachable error message suggests that the router does not know on which interface (physical) to forward the packets with destination -net!

Before the line you wrote, try this:

route add -net xx.xx.xxx.xxx dev YOURDEVICE

YOURDEVICE will be the device that the network is connected to the router via. If it is a sit tunnel, then YOURDEVICE = sit0.

HTH,
-Nikolay Kichukov

Michael P. Soulier wrote:
> Hello,
>
> Looking here
>
> http://www.ipsec-howto.org/x299.html
>
> I've set up a vpn in transport mode with two linux boxes. I'm now trying to
> set it up in tunnel mode. After using the example keys, trying to ping, it
> doesn't work because the route network isn't routable.
>
> This mention is in the howto
>
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
>
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?
>
> [root@vmware-espresso1 ~]# route add -net 172.16.113.0 netmask 255.255.255.0
> gw 10.33.15.145
> SIOCADDRT: Network is unreachable
>
> Some help please.
>
> Mike
On 22/01/07 Michael P. Soulier did say:
> This mention is in the howto
>
> "If you tunnel is not working, please check your routing. Your hosts need to
> know that they should send the packets for the opposite network to you vpn
> gateway. The easiest setup would be using your vpn gateway as default
> gateway."
>
> But how does one set up a route like that, since the network is multiple hops
> away, the route command isn't going to accept it?

Brain fart. This was written for the clients on the private networks being connected. It seemed like it was written for the vpn gateways. The policy seems sufficient for routing, although I had expected the more traditional routing tools to play a part.

Mike
--
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein
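
The two points this thread arrives at, as an added example that is not part of any poster's message: a `gw` next hop is rejected unless it is on a directly connected network, and on a tunnel-mode gateway the outbound security policy, not a route through the peer, decides what gets encapsulated. The model is simplified, and every address other than 172.16.113.0/24 and 10.33.15.145 is constructed; 10.33.15.145 is assumed to be the remote VPN gateway.

```python
import ipaddress as ipa

# Constructed sample data. Only 172.16.113.0/24 and 10.33.15.145 come from the
# thread; 10.33.15.145 is assumed here to be the remote VPN gateway.
CONNECTED = [ipa.ip_network("192.168.1.0/24")]   # assumed directly connected net
DEFAULT_GW = "192.168.1.1"                       # assumed on-link default router
SPD_OUT = [{                                     # one outbound tunnel-mode policy
    "src": ipa.ip_network("172.16.112.0/24"),    # assumed local private net
    "dst": ipa.ip_network("172.16.113.0/24"),    # remote private net
    "tunnel": ("192.168.1.10", "10.33.15.145"),  # local and remote gateway
}]

def gateway_is_on_link(gw):
    """True if the address sits inside a directly connected network."""
    return any(ipa.ip_address(gw) in net for net in CONNECTED)

def route_add(dest_net, gw):
    """Simplified model of 'route add -net DEST gw GW': a next hop that is
    several hops away cannot be used as a gateway."""
    ipa.ip_network(dest_net)  # reject malformed destinations
    return "ok" if gateway_is_on_link(gw) else "SIOCADDRT: Network is unreachable"

def match_policy(src, dst):
    """Return the first outbound policy whose selectors cover the packet."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    return next((p for p in SPD_OUT if s in p["src"] and d in p["dst"]), None)

def forward(src, dst):
    """Return (outer destination, next hop, protected) for a packet leaving
    the gateway. A policy match rewrites the outer destination to the remote
    gateway, so routing only has to reach that address. This model assumes a
    default route exists; on Linux the inner destination must still be covered
    by some route (usually the default) before the policy lookup happens."""
    pol = match_policy(src, dst)
    outer_dst = pol["tunnel"][1] if pol else dst
    next_hop = outer_dst if gateway_is_on_link(outer_dst) else DEFAULT_GW
    return outer_dst, next_hop, pol is not None

if __name__ == "__main__":
    print(route_add("172.16.113.0/24", "10.33.15.145"))
    print(forward("172.16.112.5", "172.16.113.9"))   # matches policy: tunneled
    print(forward("172.16.112.5", "198.51.100.7"))   # no policy: sent unprotected
```

The last call is the case worth checking on a real gateway: traffic whose addresses fall outside the policy selectors is forwarded without IPsec protection.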