Northe, Juergen
2004-Dec-07 10:16 UTC
connection to the other vpn-gateway, change originating ip
Hello!

I have two lans (LAN A & LAN B) connected via freeswan vpn gateways (VPNGW-A & VPNGW-B) over DSL.

Logged in at VPNGW-A, I can only connect to the clients *behind* the VPNGW-B but not the VPNGW-B itself.

---- example
VPNGW-A# ssh -l remoteuser 172.20.7.1
[IP 80.133.197.130.40523 > 172.20.7.1.ssh: SWE 343226483:343226483(0) win 32440 <mss 16220>]
---- no connection

I know that in that case it is not possible to establish such a connection while there is no route back.

To establish an ssh connection from VPNGW-A to VPNGW-B I have to use the -b switch of ssh to change my source ip (sender) to my local ip.

---- example
VPNGW-A# ssh -l remoteuser -b 172.21.6.6 172.20.7.1
[IP 172.21.6.6.40524 > 172.20.7.1.ssh: SWE 403539461:403539461(0) win 32440 <mss 16220>]
---- works

Is it possible to change the originating ip of the VPNGW-A to its internal LAN IP for connections to the internal ip of VPNGW-B (and vice versa)?

Actually I need that only for tcp port 25 to transport mails with postfix from VPNGW-A to VPNGW-B over ipsec.

Masq does not seem to work, and neither does nat.

Thank you for any advice!

JN
Northe, Juergen
2004-Dec-07 14:10 UTC
Re: connection to the other vpn-gateway, change originating ip
> Masq does not seem to work, and neither does nat.
>
> Thank you for any advice!
>
> JN

Problem solved!

Yes, it works with masq. I had a typing error.

JN
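Added example, not part of the original messages: a small Python check that parses the two tcpdump lines quoted in the first message and reports whether each packet bound for LAN B carries a source address inside LAN A. The /24 masks and all function names are assumptions; the post gives only host addresses.

```python
import ipaddress
import re

# Assumed tunnel subnets: the post gives host addresses only, the /24 masks are a guess.
LAN_A = ipaddress.ip_network("172.21.6.0/24")   # behind VPNGW-A
LAN_B = ipaddress.ip_network("172.20.7.0/24")   # behind VPNGW-B

# tcpdump prints "IP src.port > dst.port:"; the port may be a service name (ssh).
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.[\w-]+ > (\d+\.\d+\.\d+\.\d+)\.[\w-]+:")

# The two capture lines quoted in the first message.
CAPTURE = [
    "IP 80.133.197.130.40523 > 172.20.7.1.ssh: SWE 343226483:343226483(0) win 32440 <mss 16220>",
    "IP 172.21.6.6.40524 > 172.20.7.1.ssh: SWE 403539461:403539461(0) win 32440 <mss 16220>",
]


def parse(line):
    """Return (source, destination) addresses from one tcpdump IP line."""
    m = PKT.search(line)
    if m is None:
        raise ValueError("not a tcpdump IP line: %r" % line)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def classify(line, local=LAN_A, remote=LAN_B):
    """Say whether a packet towards the remote LAN uses a local-LAN source."""
    src, dst = parse(line)
    if dst not in remote:
        return "not-for-remote-lan"
    if src in local:
        return "lan-source"        # like the ssh -b 172.21.6.6 case
    return "foreign-source"        # gateway used its external address


def report(lines):
    """List (source address, verdict) for every capture line."""
    return [(str(parse(l)[0]), classify(l)) for l in lines]


if __name__ == "__main__":
    for src, verdict in report(CAPTURE):
        print(src, verdict)
```

Run over a capture taken on the gateway, a "foreign-source" verdict for port 25 traffic indicates that the source rewrite is not being applied.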