[When posting command output to English mailing lists, please set LC_ALL=C - in this case we all know what the headers emitted by route mean, but that's not always the case]
On Sun, Dec 24, 2006 at 11:33:46AM +0100, roman wrote:
> > I'm fairly certain that you do need to set up some masquerading for this to
> > work.
>
> AFAIK masquerading is only needed if one part of the network is not able to
> address another directly (with its original IP), which should not be the case
> here. So I still hope I can do this with routing (hence the different
> subnets) instead of masquerading.

Masquerading is not necessary here.

> > Also, why use two tunnels
> > instead of just one? It seems like you could achieve the same results but
> > with just one tunnel.
>
> Yes it would be possible to do this with just one tunnel, but doing it with
> two has some configuration advantages. This way each VPN server has to know
> only how to reach its LAN (and push the corresponding route to its clients).
>
> But this two tunnel thingy is all based on the assumption that the way of the
> packets can be different in the two directions. I will however test it with
> just one tunnel, though I think it should work with two too.

What you're trying to say is that it's based on the assumption that asymmetric routing is possible. It is possible, but you *must* disable rp_filter for it to work (shorewall refers to this as "route filtering" - I'm not sure why it uses a different name). It's not really a good idea to do this when you don't actually need to - return-path filtering is a useful sanity check against address spoofing.

I don't know why you think having two tunnels is easier. One p2p tunnel should be vastly simpler to configure.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
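To make the rp_filter point in the reply above concrete, here is an added example (not part of the original thread) that models the reverse-path check on one gateway of a two-tunnel setup. The subnets, the interface names `eth0`/`tun0`/`tun1` and the routing table are constructed assumptions; the 0/1/2 modes and the max-of-`all`-and-interface rule follow the documentation of current Linux kernels.

```python
import ipaddress

# Constructed routing table for gateway A (assumed topology, not from the thread):
# traffic to LAN B leaves through tun0, but replies from LAN B arrive on tun1.
ROUTES_A = [
    (ipaddress.ip_network("192.168.1.0/24"), "eth0"),  # local LAN A
    (ipaddress.ip_network("192.168.2.0/24"), "tun0"),  # LAN B via first tunnel
    (ipaddress.ip_network("10.8.1.0/24"), "tun1"),     # second tunnel's own subnet
]

def best_route(routes, addr):
    """Longest-prefix match: outgoing interface for addr, or None if unroutable."""
    addr = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def effective_mode(conf_all, conf_iface):
    """Current kernels validate with the max of conf/all and conf/<iface>."""
    return max(conf_all, conf_iface)

def rp_filter_accepts(routes, src, in_dev, mode):
    """Simplified model of reverse-path filtering.
    mode 0: no source validation
    mode 1: strict, the route back to src must leave through in_dev
    mode 2: loose, src only has to be reachable through some interface"""
    if mode == 0:
        return True
    out_dev = best_route(routes, src)
    if out_dev is None:
        return False  # no route back at all: treated as spoofed
    return mode == 2 or out_dev == in_dev

if __name__ == "__main__":
    reply_src = "192.168.2.10"  # constructed host on LAN B
    for mode in (0, 1, 2):
        verdict = rp_filter_accepts(ROUTES_A, reply_src, "tun1", mode)
        print(f"mode {mode}: reply from {reply_src} on tun1 accepted={verdict}")
    # Clearing only the per-interface value is not enough while conf/all is 1.
    print("effective mode with all=1, tun1=0:", effective_mode(1, 0))
```

In strict mode the reply arriving on `tun1` is dropped because the route back to its source points at `tun0`, which is the asymmetric case described in the reply; with a single tunnel both directions use the same interface and the check can stay enabled.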
