
(usagi-users 02512) Re: (KAME-snap 7948) IPsec & tunnel problem



Hi,

On Tue, 2003-08-19 at 17:01, Michal Ludvig wrote:

> NetBSD 1.6.1
> ----+-------
>      |  10.20.1.16/20 (pcn0), 192.168.16.1/32 (lo0)
>      |
>      |
>      |  10.20.1.28/20 (eth0), 192.168.28.1/32 (lo)
> ----+-------
> Linux 2.6.0-test2

> But when I wanted to make a tunnel between 192.168.16.1/32 and 
> 192.168.28.1/32 it didn't work. Racoon was never triggered to create SA 
> with the other side (tried to ping 192.168.x.x in both directions, but 
> no success).
> 
What does your routing table say? Without testing anything I would
suppose the following:
When you ping 192.168.16.1 on the Linux box, the Linux box picks the
10.20.1.28 IP address as source IP address.
Thus the packet would not trigger racoon.
Try the following:
Create a new routing table and a rule so that whenever a packet goes to
192.168.16.1 it uses that table.
Then create a route inside this table that uses 192.168.28.1 as a
source address.

I have not tested it, so your mileage may vary, but it should work ;-)

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
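
The routing suggestion above, written out with iproute2 as an added example that is not part of the original message. Table number 100 and the use of 10.20.1.16 as next hop are assumptions; the addresses come from the quoted diagram, and the check parses the `src` field that `ip route get` reports.

```shell
#!/bin/sh
# Added sketch of the suggestion in the message; run with APPLY=1 as root to
# change routing, otherwise the commands are only printed.
PEER_INNER=192.168.16.1    # NetBSD lo0 address (remote side of the policy)
LOCAL_INNER=192.168.28.1   # Linux lo address (local side of the policy)
PEER_OUTER=10.20.1.16      # NetBSD pcn0 address, used as next hop (assumption)
DEV=eth0
TABLE=100                  # any unused routing table number (assumption)

# Emit the rule that selects the extra table and the route that pins the
# source address, one iproute2 command per line.
policy_route_cmds() {
    echo "ip rule add to $PEER_INNER/32 table $TABLE"
    echo "ip route add $PEER_INNER/32 via $PEER_OUTER dev $DEV src $LOCAL_INNER table $TABLE"
}

# Extract the source address from one line of `ip route get` output.
route_src() {
    echo "$1" | sed -n 's/.* src \([^ ]*\).*/\1/p'
}

# Succeed only if that line shows LOCAL_INNER as the chosen source, i.e. the
# packet would carry the address the IPsec policy is written for.
src_is_pinned() {
    [ "$(route_src "$1")" = "$LOCAL_INNER" ]
}

if [ "${APPLY:-0}" = 1 ]; then
    policy_route_cmds | sh -e
    line=$(ip route get "$PEER_INNER" | head -n 1)
    if src_is_pinned "$line"; then
        echo "source for $PEER_INNER is $LOCAL_INNER"
    else
        echo "source for $PEER_INNER is still $(route_src "$line")"
    fi
else
    policy_route_cmds
fi
```

Running `ip route get 192.168.16.1` before and after the change shows whether the source address moved from 10.20.1.28 to 192.168.28.1.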