(usagi-users 02512) Re: (KAME-snap 7948) IPsec & tunnel problem
- To: snap-users@xxxxxxxx
- Subject: (usagi-users 02512) Re: (KAME-snap 7948) IPsec & tunnel problem
- From: Ralf Spenneberg <lists@xxxxxxxxxxxxxx>
- Date: 19 Aug 2003 17:38:43 +0200
- Cc: usagi-users@xxxxxxxxxxxxxx
- In-reply-to: <3F423BE3.6020601@logix.cz>
- References: <3F423BE3.6020601@logix.cz>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Wed, 20 Aug 2003 00:41:24 +0900
- Resent-from: sekiya@xxxxxxxxxx
- Resent-message-id: <200308200041.FMLAAB14381.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
Hi,
On Tue, 2003-08-19 at 17:01, Michal Ludvig wrote:
> NetBSD 1.6.1
> ----+-------
> | 10.20.1.16/20 (pcn0), 192.168.16.1/32 (lo0)
> |
> |
> | 10.20.1.28/20 (eth0), 192.168.28.1/32 (lo)
> ----+-------
> Linux 2.6.0-test2
> But when I wanted to make a tunnel between 192.168.16.1/32 and
> 192.168.28.1/32 it didn't work. Racoon was never triggered to create SA
> with the other side (tried to ping 192.168.x.x in both directions, but
> no success).
>
What does your routing table say? Without testing anything I would
suppose the following:
When you ping 192.168.16.1 on the Linux box, the Linux box picks the
10.20.1.28 IP address as source IP address.
Thus the packet would not trigger racoon.
Try the following:
Create a new routing table and a rule: whenever a packet goes to
192.168.16.1, it should use that table.
Then create a route inside this table that uses 192.168.28.1 as a
source address.
I have not tested it, so your mileage may vary, but it should work ;-)
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
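
The policy-routing steps suggested in the message above, as an added iproute2 sketch for the Linux box (not part of the original mail and not tested by its author). Addresses and `eth0` come from the quoted diagram; table id 100, the rule priority and the `APPLY` switch are assumptions.

```shell
#!/bin/sh
# Added example: make locally generated packets to the remote inner address
# leave with the local inner address as source, so they match an IPsec policy
# written for 192.168.28.1 <-> 192.168.16.1.

REMOTE_INNER=192.168.16.1   # NetBSD lo0 (from the diagram)
LOCAL_INNER=192.168.28.1    # Linux lo (from the diagram)
NEXT_HOP=10.20.1.16         # NetBSD pcn0 (from the diagram)
DEV=eth0
TABLE=100                   # assumed free routing table id
PRIO=1000                   # assumed rule priority

# Emit the two iproute2 commands, one per line.
plan() {
    echo "ip route replace ${REMOTE_INNER}/32 via ${NEXT_HOP} dev ${DEV} src ${LOCAL_INNER} table ${TABLE}"
    echo "ip rule add to ${REMOTE_INNER}/32 lookup ${TABLE} priority ${PRIO}"
}

# Read `ip route get` output on stdin and print the selected source address.
route_src() {
    sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Succeeds if the `ip route get` output on stdin selects LOCAL_INNER as source.
src_ok() {
    [ "$(route_src)" = "$LOCAL_INNER" ]
}

# Dry-run by default; run the commands only with APPLY=1 (needs root).
apply() {
    plan | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            echo "dry-run: $cmd"
        fi
    done
}

apply
# After applying, verify with:  ip route get 192.168.16.1 | src_ok && echo OK
```

If `ip route get 192.168.16.1` still reports `src 10.20.1.28`, the outgoing packet carries the eth0 address and will not match a policy written for the 192.168.x.x pair.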