--- Ariën Huisken <[EMAIL PROTECTED]> wrote:
> Thanks for sharing your config. I think I'm missing
> the ipsec0 interface part. We'll try it out.
> When it works, would you send your openswan config
> here?
> --
> Ariën Huisken
> Xilay Software
Gladly.
/etc/ipsec.conf: (same for both sides)

conn south
        auto=start
        left=xxx.xxx.xxx.xxx            # head office's public IP
        leftrsasigkey=0sAQN...          # ipsec showhostkey --left
        leftsubnet=192.168.2.0/24
        [EMAIL PROTECTED]
        leftnexthop=%defaultroute
        right=xxx.xxx.xxx.xxx           # branch office's public IP
        rightsubnet=192.168.8.0/24
        [EMAIL PROTECTED]
        rightnexthop=%defaultroute
        rightrsasigkey=0sAQN...         # ipsec showhostkey --right
When I added the ipsec0 entries (interface + 2 router
declarations) in my firehol.conf things worked. Well,
things worked for the clients on both ends, but each
gateway could not use the tunnel. Not really
important to me as the gateway machines run unattended
and any clients on both sides can ssh into any of the
two firewall/gateways when necessary.
That's correct, because the tunnel is made between the two local subnets, not
the public ones. So if you want to ping from gateway 1 to gateway 2, you have
to tell it to use the internal interface, so the tunnel will route the traffic;
otherwise it will try to use your normal default router:
ping -I eth0 192.168.8.xx
--
Ariën Huisken
Xilay Software
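The "ipsec0 entries (interface + 2 router declarations)" mentioned earlier are shown below as an added FireHOL 1.x example; it is not config from either poster. It assumes KLIPS-style openswan (which exposes the tunnel as ipsec0; a NETKEY stack has no such interface), eth0 as the public interface, eth1 as the LAN, and the two subnets from the ipsec.conf above.

```firehol
# /etc/firehol/firehol.conf (constructed example, head-office side)
version 5

# Public side: only allow the IPsec negotiation and ESP in; nothing else.
interface eth0 internet
        protection strong
        policy drop
        server ipsec accept          # IKE (udp/500) + ESP/AH
        client all accept

# Trusted side: the office LAN.
interface eth1 lan src 192.168.2.0/24
        policy accept

# The decrypted tunnel traffic appears on ipsec0. Restrict it to the
# remote subnet so a misrouted packet cannot masquerade as tunnel traffic.
interface ipsec0 vpn src 192.168.8.0/24
        policy accept

# Two router declarations: LAN <-> tunnel, in both directions.
router lan2vpn inface eth1 outface ipsec0
        route all accept

router vpn2lan inface ipsec0 outface eth1
        route all accept
```

The `src` restrictions on lan and vpn are the practical check here: without them any packet arriving on ipsec0 is trusted, whereas with them only traffic from the peer's subnet is. Gateway-to-gateway traffic still needs `ping -I eth0` as explained above, because the gateway's own default route points at the public interface rather than the tunnel.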
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss