Peter Rundle <[email protected]> writes:
[... IPSec VPN "site to site" configuration ...]
> Thanks for the info, that's helped to clear things up. I think I've
> got a reasonable shot at making this work. Will look into the idea of
> assigning a secondary address to the VPN link and setting it as the
> preferred source IP. That makes sense and is probably cleaner than
> setting up a source NAT, I just didn't know that the VPN software
> could do that.

The IPSec software can't, as such. Once you have the VPN tunnel
established you can use the stock-standard Linux routing tools to
configure the preferred source address to use for communicating to a
remote subnet.

> Also searched and found some more info on OpenVPN vs IPSEC and yes
> agree entirely, OpenVPN uses a different protocol and is the wrong
> tool.

Wait until after you get ISAKMP and IPSec routing working, /then/ say it
is the wrong tool. ;)

More seriously, it isn't the tool for this job, because Juniper use
IPSec, but it is a good general VPN solution where you control both ends
of the deployment, or have a cooperative remote.

Regards,
Daniel
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
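
The preferred-source routing described in the reply above, sketched with iproute2 as an added example that is not part of the original mail. The addresses, next hop and interface name are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Every address and the interface name are constructed placeholders.
LOCAL_SRC="${LOCAL_SRC:-10.200.0.1}"         # secondary address the peer expects (assumed)
REMOTE_NET="${REMOTE_NET:-192.168.50.0/24}"  # subnet behind the remote gateway (assumed)
GATEWAY="${GATEWAY:-203.0.113.1}"            # local next hop towards the peer (assumed)
DEV="${DEV:-eth0}"                           # outbound interface (assumed)

# Print the iproute2 commands for: source address, remote subnet, next hop, device.
# Arguments are checked against strict character sets because the output
# may be piped into a root shell.
vpn_src_commands() {
    case "$1" in ''|*[!0-9.]*) echo "bad source address" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9./]*) echo "bad remote subnet" >&2; return 1 ;; esac
    case "$3" in ''|*[!0-9.]*) echo "bad gateway" >&2; return 1 ;; esac
    case "$4" in ''|*[!A-Za-z0-9_.-]*) echo "bad device" >&2; return 1 ;; esac
    # 1. Attach the secondary address to the interface (idempotent).
    printf 'ip addr replace %s/32 dev %s\n' "$1" "$4"
    # 2. Route the remote subnet with that address as the preferred source.
    printf 'ip route replace %s via %s dev %s src %s\n' "$2" "$3" "$4" "$1"
    # 3. Ask the kernel which source it now selects for the remote subnet.
    printf 'ip route get %s\n' "${2%/*}"
}

# Dry run by default; APPLY=1 (as root) executes the commands.
if [ "${APPLY:-0}" = 1 ]; then
    vpn_src_commands "$LOCAL_SRC" "$REMOTE_NET" "$GATEWAY" "$DEV" | sh -ex
else
    vpn_src_commands "$LOCAL_SRC" "$REMOTE_NET" "$GATEWAY" "$DEV"
fi
```

After applying, the `ip route get` output should report the secondary address as `src`; the tunnel's own subnet definitions still have to cover that address for the traffic to be encrypted.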