List: strongswan-users
Subject: Re: [strongSwan] Strongswan, non lan routing
From: Andreas Steffen <andreas.steffen () strongswan ! org>
Date: 2007-02-08 22:01:03
Message-ID: 45CB9D9F.4090409 () strongswan ! org
Hi Mike,

you don't need any additional routing in order to get the packets
from 10.10.0.24 to 1.2.3.4/30.

On the firewall/VPN gateway of the Remote LAN define

conn application
     left=<real IP of remote firewall>
     leftsubnet=10.10.10.0/24
     right=<real IP of primary firewall>
     rightsubnet=1.2.3.4/30

The default gateway of all hosts in the 10.10.10.0/24 subnet should
be 10.10.10.1.

On the firewall/VPN gateway of the Primary LAN define

conn application
     left=<real IP of primary firewall>
     leftsubnet=1.2.3.4/30
     right=<real IP of remote firewall>
     rightsubnet=10.10.10.0/24

On the firewall of the Primary LAN define the route

ip route add 1.2.3.4/20 via 192.168.24.4
(Firewall 192.168.24.1/24)

Regards

Andreas

Mike wrote:
> Hi there, I have a client who has several branch offices, they are
> adding a system that uses a PC in the main office to create a PPTP
> connection to the Applications host. So, locally I specify a route on
> my gateway to handle this.
>
>
> ip route add 1.2.3.4/20 via 192.168.24.4
> (Firewall 192.168.24.1/24)
>
> 192.168.24.4 is the PC with the PPTP connection.
>
> This works wonderfully for the local lan, however, I'm not sure how to
> route, or what route to set on the remote firewalls to push this traffic
> to the host?
>
> ip route add 1.2.3.4/30 via 192.168.24.4 nexthop 10.10.10.1?
>
> (Assumes the remote location's LAN is 10.10.10.1)
>
> --
> Can this be done? Do I need to bring OSPF into the mix?
> Do I need to mark the traffic to/from 1.2.3.4 to be handled by the
> strongswan VPN?
>
>
> A workstation of 10.10.10.25 should be able to move traffic to 1.2.3.4
> across the VPN via the host 192.168.24.4
>
>
> |Remote Workstations
> |
> REMOTE LAN
> 10.10.10.0/24
> 10.10.10.1 Firewall
> | Real IP
> |
> | Ipsec Tunnel (StrongSwan)
> |
> | Real IP
> Primary LAN
> 192.168.24.1 Firewall
> 192.168.24.0/24
> |
> | (Application Provider's REAL ip)
> |192.168.24.4 --shared PPTP-- 1.2.3.4/30
> |
> |Other Workstations
>
> _____________________________
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
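
An added example, not part of the message above or of strongSwan itself: a Python check that the two "conn application" definitions describe the same tunnel endpoints and that a given packet falls between their protected subnets. The gateway addresses 203.0.113.1 and 198.51.100.1 are constructed placeholders for the real IPs, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples modelled on the two "conn application" blocks above.
# 203.0.113.1 / 198.51.100.1 are placeholders for the gateways' real IPs.
REMOTE_GW = """\
conn application
    left=203.0.113.1
    leftsubnet=10.10.10.0/24
    right=198.51.100.1
    rightsubnet=1.2.3.4/30
"""
PRIMARY_GW = """\
conn application
    left=198.51.100.1
    leftsubnet=1.2.3.4/30
    right=203.0.113.1
    rightsubnet=10.10.10.0/24
"""

def parse_conn(text, name):
    """Return the key=value parameters of one 'conn <name>' section."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section headers start in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def endpoints(conn):
    """Set of (gateway, protected subnet) pairs, independent of left/right order."""
    return {(ipaddress.ip_address(conn[side]), ipaddress.ip_network(conn[side + "subnet"]))
            for side in ("left", "right")}

def covered(conn, src, dst):
    """True if src and dst sit in opposite protected subnets, in either direction."""
    a, b = (net for _, net in endpoints(conn))
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in a and d in b) or (s in b and d in a)

remote = parse_conn(REMOTE_GW, "application")
primary = parse_conn(PRIMARY_GW, "application")
print("definitions agree:", endpoints(remote) == endpoints(primary))
print("10.10.10.25 -> 1.2.3.4 tunnelled:", covered(remote, "10.10.10.25", "1.2.3.4"))
print("10.10.10.25 -> 192.168.24.4 tunnelled:", covered(remote, "10.10.10.25", "192.168.24.4"))
```

Traffic from 10.10.10.25 to the PPTP host's own LAN address 192.168.24.4 is outside both subnets, so this connection does not carry it.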