[strongSwan] virtual interfaces for net to net tunneling (is it possible?)
Anthony Moon
amoon at ezp.net
Wed Nov 3 20:40:37 CET 2010
I want to be able to connect to hosts on an internal LAN, but I'm using a
virtual interface to route these machines together. Let me explain with some
more verbose information.
This is my VPN gateway, a Linux machine with 1 NIC:

    eth0      Link encap:Ethernet  HWaddr 00:16:3E:05:AA:90
              inet addr:66.199.171.245  Bcast:66.199.171.255  Mask:255.255.255.0
    eth0:0    Link encap:Ethernet  HWaddr 00:16:3E:05:AA:90
              inet addr:192.168.100.181  Bcast:192.168.100.255  Mask:255.255.255.0

I want to be able to access hosts on 192.168.100.0/24 via a VPN connection
to my Windows 7 box at home.
Here is my ipsec config:

    config setup
        plutostart=no
        interfaces=%defaultroute

    conn %default
        keyexchange=ikev2
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        dpdaction=clear
        dpddelay=300s
        rekey=no

    conn win7
        left=%any
        leftsubnet=0.0.0.0/0
        leftauth=pubkey
        leftcert=vpnCert.pem
        leftid=@tony1.ezp.net
        right=%any
        rightsourceip=192.168.100.0/24
        rightauth=eap-mschapv2
        rightsendcert=never
        eap_identity=%any
        auto=add

Currently this is working for accessing the VPN gateway on its internal
IP, but I can't access 192.168.100.10, for example.
Is the reason for this the fact that I am using a virtual interface for my
192.168.100.* IPs?
Also, I can't ping 192.168.100.181 (VPN gateway internal IP) if my
rightsourceip is set to anything other than "192.168.100.0/24" - why is
this?
--
Anthony Moon
EZProvider Networks, Inc.
http://ezp.net
1.888.397.7853 x203