
List:       ipcop-user
Subject:    Re: [IPCop-user] Routing between VPNs
From:       "DLinkOZ" <dlinkoz () oesm ! org>
Date:       2007-03-30 1:31:21
Message-ID: 018d01c7726b$216717a0$643546e0$ () org

Worked like a charm.  Thanks.


-----Original Message-----
From: ipcop-user-bounces@lists.sourceforge.net
[mailto:ipcop-user-bounces@lists.sourceforge.net] On Behalf Of David Sims
Sent: Thursday, March 29, 2007 12:21 AM
To: DLinkOZ
Cc: ipcop-user@lists.sourceforge.net
Subject: Re: [IPCop-user] Routing between VPNs

Hi,

  You need to create a second VPN tunnel between A to the address space at
C using B as one end and then create a second VPN tunnel between C to the
address space at A using B as one end..... Forget all the routing stuff as
these new VPN tunnels will make both routes and firewall rules right....
Here's a picture:

  Site A                   Site B                   Site C
192.168.0.0/24         192.168.1.0/24           192.168.4.0/24  <-LAN
xxx.xxx.xxx.xxx        yyy.yyy.yyy.yyy          zzz.zzz.zzz.zzz <-RED

              VPN1--A:B              VPN1--B:C
              VPN2--A:B              VPN2--B:C

Where:
(at A):
VPN1--A:B is 192.168.0.0 -> 192.168.1.0 with remote security GW Y
VPN2--A:B is 192.168.0.0 -> 192.168.4.0 with remote security GW Y
(at B):
VPN1--B:A is 192.168.1.0 -> 192.168.0.0 with remote security GW X
VPN2--B:A is 192.168.4.0 -> 102.168.0.0 with remote security GW X
VPN1--B:C is 192.168.1.0 -> 192.168.4.0 with remote security GW Z
VPN2--B:C is 192.168.0.0 -> 192.168.4.0 with remote security GW Z
(at C):
VPN1--C:B is 192.168.4.0 -> 192.168.1.0 with remote security GW Y
VPN2--C:B is 192.168.4.0 -> 192.168.0.0 with remote security GW Y

That way, A knows to send traffic for C to B down the VPN2 tunnel and
vice-versa.... All this begs the question of why don't you just make a VPN
tunnel between A and C... but it is useful to illustrate how to make IPCop
VPN work with OpenVPN.... If you have RoadWarriors connecting to A with
OpenVPN and wanted the traffic to be able to go to the LAN at site C you
would again need two tunnels between each site... One to carry the traffic
between the sites and one to carry traffic destined to/from for the more
distant site....

Dave
************************************************************************
On Wed, 28 Mar 2007, DLinkOZ wrote:

> I have 3 locations - A, B and C.  B has a site-to-site VPN to both A and C.
> A does NOT have a connection to C.  How would I go about getting A to talk
> to C via B?  Info:
>
> Site A - 192.168.0.0/24
> Site B - 192.168.1.0/24
> Site C - 192.168.4.0/24
>
> I've added a route to IPCop on Site A to point all 192.168.4.0 traffic
> through the gateway on the ipsec0 interface, and vice versa on the Site C
> IPCop, hoping the IPCop at Site B could handle the routing.  No love.  Would
> anyone happen to have any ideas?  Here were my commands:
>
> On Site A - route add -net 192.168.4.0 netmask 255.255.255.0 gw 1.2.3.4 dev ipsec0
> (obviously, 1.2.3.4 is the actual gateway of the machine).
>
> On Site C - route add -net 192.168.0.0 netmask 255.255.255.0 gw 1.2.3.4 dev ipsec0
>
> Thanks for any help that can be provided.
>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>
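
The tunnel layout from the reply above, as an added example that is not part of the original thread or of IPCop itself. It assumes a simplified model in which a gateway only puts a packet into a tunnel whose local and remote networks cover the packet's source and destination; the host addresses .10 and .20 are constructed.

```python
import ipaddress

# LANs as given in the thread; Site B is the hub.
LANS = {"A": "192.168.0.0/24", "B": "192.168.1.0/24", "C": "192.168.4.0/24"}

def tunnels(hub, transit, lans=LANS):
    """Per site, list (local_net, remote_net, peer_site) tunnel definitions.

    transit=False: one tunnel per spoke<->hub pair (the original setup).
    transit=True: adds the second tunnel per pair described in the reply.
    """
    spokes = [s for s in lans if s != hub]
    t = {s: [] for s in lans}
    for s in spokes:
        t[s].append((lans[s], lans[hub], hub))          # VPN1 at the spoke
        t[hub].append((lans[hub], lans[s], s))          # VPN1 at the hub
        for far in (spokes if transit else []):
            if far != s:
                t[s].append((lans[s], lans[far], hub))  # VPN2 at the spoke
                t[hub].append((lans[far], lans[s], s))  # VPN2 at the hub
    return t

def next_peer(tuns, site, src, dst):
    """Peer of the first tunnel at `site` whose networks cover src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote, peer in tuns[site]:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return peer
    return None

def trace(tuns, start, src, dst, lans=LANS):
    """Sites a packet crosses from `start` to dst's LAN, or None if dropped."""
    path, site = [start], start
    while ipaddress.ip_address(dst) not in ipaddress.ip_network(lans[site]):
        site = next_peer(tuns, site, src, dst)
        if site is None or site in path:   # no matching tunnel, or a loop
            return None
        path.append(site)
    return path

if __name__ == "__main__":
    for transit in (False, True):
        t = tunnels("B", transit)
        print("transit tunnels:", transit)
        print("  A -> C:", trace(t, "A", "192.168.0.10", "192.168.4.20"))
        print("  C -> A:", trace(t, "C", "192.168.4.20", "192.168.0.10"))
```

With only the original tunnels, Site A has no tunnel covering 192.168.0.0/24 to 192.168.4.0/24, so the trace stops there no matter what static route is added.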
