Re: ipsec with default route and routing of internal networks

2021-10-05 Thread Hrvoje Popovski
On 14.9.2021. 13:12, Hrvoje Popovski wrote: > On 13.9.2021. 15:52, Stuart Henderson wrote: >> On 2021-09-13, Hrvoje Popovski wrote: >>> On 13.9.2021. 14:08, Tom Smyth wrote: Can you do an exception for the ranges ... so internet - private ips you don't want over the tunnel) ik

Re: ipsec with default route and routing of internal networks

2021-09-14 Thread Hrvoje Popovski
On 13.9.2021. 15:52, Stuart Henderson wrote: > On 2021-09-13, Hrvoje Popovski wrote: >> On 13.9.2021. 14:08, Tom Smyth wrote: >>> Can you do an exception for the ranges ... so internet - private ips >>> you don't want over the tunnel) >>> >>> ike esp from 10.90.0.0/24 to any

Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Stuart Henderson
On 2021-09-13, Hrvoje Popovski wrote: > On 13.9.2021. 14:08, Tom Smyth wrote: >> Can you do an exception for the ranges ... so internet - private ips >> you don't want over the tunnel) >> >> ike esp from 10.90.0.0/24 to any encrypt >> and >> >> 10.90.0.0/24

Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
On 13.9.2021. 14:08, Tom Smyth wrote: > Can you do an exception for the ranges ... so internet - private ips > you don't want over the tunnel) > > ike esp from 10.90.0.0/24 to any encrypt > and > > 10.90.0.0/24 to NOT [networks you don't want > o

Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Tom Smyth
Can you do an exception for the ranges ... so internet - private ips you don't want over the tunnel) ike esp from 10.90.0.0/24 to any encrypt and 10.90.0.0/24 to NOT [networks you don't want over the tunnel) ? On Mon, 13 Sept 2021 at 13:02, Hrvoje Popovski wrote: > Hi, > > On 13.9.2021. 1

Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
Hi, On 13.9.2021. 12:58, Tom Smyth wrote: > Hi Hrvoje, > > is 10.90.0.0/24 local to your firewall, and if I > understand your rule, > ike esp from 10.90.0.0/24 to any you are saying > encrypt all traffic coming from 10.90.0.0/24

Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Tom Smyth
Hi Hrvoje, is 10.90.0.0/24 local to your firewall, and if I understand your rule, ike esp from 10.90.0.0/24 to any you are saying encrypt all traffic coming from 10.90.0.0/24 should the tunnel be more specific ? like from 10.90.0.0/24 to another network across the tunnel ike esp from 10.90

ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
Hi all, I have a firewall that routes a few internal networks, 10.90/24, 10.91/24, 10.92/24. And I have some static routes to other firewalls, but I don't think that is relevant to this problem. For network 10.90/24 I have an ipsec tunnel, and I need to push any traffic from that network to the intern