What sort of VPN are you attaching to GW1? Do devices on that VPN get a route to 10.2.10.0/24 via 10.1.10.1?

Also you will need to set up an extra subnet in your ipsec VPN which shows 172.16.10.0/24 being at GW1. Check out the left/rightsubnets parameter.

Are 10.1.10.1 and 10.2.10.1 LAN or WAN IPs in your setup? Perhaps post your conf.

Nick

On 18/01/2015 16:53, Phil Daws wrote:
Hello all:

am trying to get my head around routing across an IPSEC tunnel but it's sending me crazy! Here is the layout:

GW1: 10.1.10.1
GW2: 10.2.10.1

From GW1 I can now reach all interfaces on GW2 and vice versa; yippee! Now, if I introduce the VPN which is connected to GW1 with a network of 172.16.10.0/24, and when connected my client receives 172.16.10.2, I am able to reach all nodes on the 10.1.10.0/24 network but nothing at all on the 10.2.10.0/24 network ?!?!

Have checked the routing information and that seems correct; I think:

10.2.0.0/16 dev eth0 scope link src 10.1.10.1
172.16.10.0/24 dev tun0 proto kernel scope link src 172.16.10.1

I see it hit the external interface but then does not reach the other side :(

16:52:33.553238 IP 37.XXX.XXX.XXX > 10.2.10.10: ICMP echo request, id 1, seq 262, length 40

Any help would be appreciated please.

Thanks, Phil

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
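The extra-subnet point from the reply above, as an added example that is not part of the original thread: a simplified Python model of a gateway choosing tunnel traffic by source/destination subnet pairs, with every left/right combination treated as one selector. Addresses come from the thread except 10.1.10.20 and 203.0.113.7, which are constructed (the latter stands in for the masked 37.XXX.XXX.XXX source in the capture); the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Simplified model, not libreswan code. BEFORE covers only the two LANs;
# AFTER adds the VPN client range on GW1's side, as the reply suggests.
BEFORE = {"left": ["10.1.10.0/24"], "right": ["10.2.10.0/24"]}
AFTER = {"left": ["10.1.10.0/24", "172.16.10.0/24"], "right": ["10.2.10.0/24"]}

# (description, source, destination) as seen leaving GW1.
PACKETS = [
    ("LAN host (constructed)", "10.1.10.20", "10.2.10.10"),
    ("VPN client from the thread", "172.16.10.2", "10.2.10.10"),
    ("public source (constructed)", "203.0.113.7", "10.2.10.10"),
]


def selector_pairs(conn):
    """Expand the subnet lists into every left/right selector pair."""
    return [(ip_network(l), ip_network(r))
            for l in conn["left"] for r in conn["right"]]


def match(conn, src, dst):
    """Return the (left, right) pair covering src -> dst, or None."""
    s, d = ip_address(src), ip_address(dst)
    for left, right in selector_pairs(conn):
        if s in left and d in right:
            return (str(left), str(right))
    return None


def verdict(conn, src, dst):
    """'tunnel' if a selector covers the packet, else 'no policy'."""
    return "tunnel" if match(conn, src, dst) else "no policy"


def report():
    """Build one row per packet: description, verdict before, verdict after."""
    return [(desc, verdict(BEFORE, s, d), verdict(AFTER, s, d))
            for desc, s, d in PACKETS]


if __name__ == "__main__":
    for desc, before, after in report():
        print(f"{desc:30} before={before:10} after={after}")
```

A packet with a public source address matches neither set of selectors, so the capture line quoted in the thread is worth comparing against the subnets the tunnel actually negotiates.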
