List:       strongswan-users
Subject:    Re: [strongSwan] Strongswan, non lan routing
From:       Andreas Steffen <andreas.steffen () strongswan ! org>
Date:       2007-02-08 22:01:03
Message-ID: 45CB9D9F.4090409 () strongswan ! org


Hi Mike,

you don't need any additional routing in order to get the packets
from 10.10.0.24 to 1.2.3.4/30.

On the firewall/VPN gateway of the Remote LAN define

conn application
      left=<real IP of remote firewall>
      leftsubnet=10.10.10.0/24
      right=<real IP of primary firewall>
      rightsubnet=1.2.3.4/30

The default gateway of all hosts in the 10.10.10.0/24 subnet should
be 10.10.10.1.

On the firewall/VPN gateway of the Primary LAN define

conn application
      left=<real IP of primary firewall>
      leftsubnet=1.2.3.4/30
      right=<real IP of remote firewall>
      rightsubnet=10.10.10.0/24

On the firewall of the Primary LAN define the route

ip route add  1.2.3.4/20 via 192.168.24.4
(Firewall 192.168.24.1/24)

Regards

Andreas

Mike wrote:
> Hi there,  I have a client who has several branch offices,  they are
> adding a system that uses a PC in the main office to create a PPTP
> connection to the Applications host.  So, locally I specify a route on
> my gateway to handle this.
> 
> 
> ip route add  1.2.3.4/20 via 192.168.24.4
> (Firewall 192.168.24.1/24)
> 
> 192.168.24.4 is the PC with the PPTP connection.
> 
> This works wonderfully for the local lan, however, I'm not sure how to
> route, or what route to set on the remote firewalls to push this traffic
>   to the host?
> 
> ip route add 1.2.3.4/30 via 192.168.24.4 nexthop 10.10.10.1?
> 
> (Assumes the remote location's LAN is 10.10.10.1)
> 
> --
> Can this be done?  Do I need to bring OSPF into the mix?
> Do I need to mark the traffic to/from 1.2.3.4 to be handled by the 
> strongswan VPN?
> 
> 
> A workstation of 10.10.10.25 should be able to move traffic to 1.2.3.4 
> across the VPN via the host 192.168.24.4
> 
> 
> |Remote Workstations
> |
> REMOTE LAN
> 10.10.10.0/24
> 10.10.10.1 Firewall
> | Real IP
> |
> |  Ipsec Tunnel (StrongSwan)
> |
> | Real IP
> Primary LAN
> 192.168.24.1 Firewall
> 192.168.24.0/24
> |
> |                             (Application Provider's REAL ip)
> |192.168.24.4 --shared PPTP-- 1.2.3.4/30
> |
> |Other Workstations
> 
> _____________________________
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


-- 
======================================================================
Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
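
Added example, not part of the original mail and not strongSwan code: a small check that the two "conn application" sections above mirror each other and that a given packet falls inside the tunnel's subnets. The gateway addresses 192.0.2.1 and 198.51.100.1 are constructed placeholders for the real IPs, the function names are hypothetical, and left is assumed to be the local side as in both configs above.

```python
import ipaddress

# Constructed sample configs: 192.0.2.1 / 198.51.100.1 are documentation
# addresses standing in for the gateways' real IPs, which the mail elides.
REMOTE_GW = """
conn application
      left=192.0.2.1
      leftsubnet=10.10.10.0/24
      right=198.51.100.1
      rightsubnet=1.2.3.4/30
"""
PRIMARY_GW = """
conn application
      left=198.51.100.1
      leftsubnet=1.2.3.4/30
      right=192.0.2.1
      rightsubnet=10.10.10.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for the conn sections of an ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def net(conn, key):
    return ipaddress.ip_network(conn[key], strict=False)

def is_mirror(a, b):
    """True if conn b is conn a with left/right and their subnets swapped."""
    return (a["left"] == b["right"] and a["right"] == b["left"]
            and net(a, "leftsubnet") == net(b, "rightsubnet")
            and net(a, "rightsubnet") == net(b, "leftsubnet"))

def tunneled(conn, src, dst):
    """True if an outbound packet src->dst lies in leftsubnet->rightsubnet."""
    return (ipaddress.ip_address(src) in net(conn, "leftsubnet")
            and ipaddress.ip_address(dst) in net(conn, "rightsubnet"))
```

A packet for which tunneled() is false is not covered by this conn and follows the gateway's ordinary routing instead of the IPsec tunnel.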
