Re: routing through FreeS/WAN
On Fri, 2003-04-04 at 16:09, Dan Fleischer wrote:
> LEFT
> leftnexthop:63.252.12.1
> WAN:63.252.12.11
> LAN:192.168.1.1, net 192.168.1.0/24
> Internal router 192.168.1.254 is gw to 200.0.14.0/24, a private line to
> our ASP by adding the following rule to iptables to use that default
> route:
>
Something's not quite right here...
left = External IP of NIC IPSec will be binding to.
leftnexthop = Gateway for the above IP
leftsubnet = Internal network for this side
leftid = hostname for this machine (doesn't have to be a valid HN)
leftrsasigkey = <rsa code goes here>
--- repeat same concept for "right" side ---
You can also specify exactly which NIC will get the IPSec binding.
interfaces = "ipsec0=eth1"
Make sure both machines have the *exact* same ipsec.conf file. The IPSec
package will be able to tell which machine is what. :)
> How would I configure iptables of FreeS/WAN or both to allow for this?
>
There are options in FreeS/WAN to reload the firewall with adjustments
to it. (but I didn't need them?) :o/
> I've tried to add the following routes individually to the right vpn
> gateway, but was unsuccessful:
> /sbin/route add -net 200.0.14.0 netmask 255.255.255.0 gw 10.4.1.1 ipsec0
> /sbin/route add -net 200.0.14.0 netmask 255.255.255.0 gw 192.168.1.254
> ipsec0
This isn't necessary. The ipsec command has this stuff taken care of.
ipsec auto --add <connection name>
ipsec auto --route <connection name>
ipsec auto --up <connection name>
I hope that helps!
--
Travis
St. Charles LUG
http://www.sluug.org/~stclug/
Indifference:
It Takes 43 muscles to Frown and 17 to Smile, But It Doesn't Take Any To
Just Sit There With A Dumb Look On Your Face.
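A worked ipsec.conf for the setup Dan describes, written as an added example and not a file from either poster. Left-side values come from the thread; the right gateway's addresses, the ids and both RSA keys are placeholders I've assumed, and the right-hand LAN is assumed to be 10.4.1.0/24. Shared parameters sit in `conn %default` so that the second subnet (200.0.14.0/24, behind the internal router 192.168.1.254) gets its own conn without retyping the keys.

```conf
# /etc/ipsec.conf  -- identical copy on BOTH gateways (FreeS/WAN tells
# which side it is by matching left/right against its own interfaces).
# FreeS/WAN 2.x wants "version 2.0" as the first non-comment line.

config setup
        # bind IPsec to the external NIC explicitly
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        authby=rsasig
        keyingtries=0
        # LEFT: values from the original post
        left=63.252.12.11
        leftnexthop=63.252.12.1
        leftid=@vpn-left.example          # placeholder id, need not be a real hostname
        leftrsasigkey=0sAQLEFT_PLACEHOLDER  # from "ipsec showhostkey --left" on the left box
        # RIGHT: placeholders, replace with the other gateway's real values
        right=203.0.113.5
        rightnexthop=203.0.113.1
        rightid=@vpn-right.example
        rightrsasigkey=0sAQRIGHT_PLACEHOLDER

# Tunnel 1: the two office LANs
conn lan-to-lan
        leftsubnet=192.168.1.0/24
        rightsubnet=10.4.1.0/24          # assumed right-hand LAN
        auto=add

# Tunnel 2: the ASP network behind the internal router.
# The left gateway only needs an ordinary kernel route for this prefix
# (via 192.168.1.254); the ipsec0 routes are created by "ipsec auto --route".
conn asp-net
        leftsubnet=200.0.14.0/24
        rightsubnet=10.4.1.0/24
        auto=add

# Bring each tunnel up by name, exactly as Travis describes:
#   ipsec auto --add   asp-net
#   ipsec auto --route asp-net
#   ipsec auto --up    asp-net
```

With a conn per subnet pair the right-hand gateway learns a route for 200.0.14.0/24 over ipsec0 from `ipsec auto --route`, so the manual `/sbin/route add` lines from the question are not needed.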