> I'm trying to set up a VPN from my home to the network at work. I'm using
> DCD on firewalls at both ends, the difference being at the home-end
> where I do not have a static IP. After much trying and failing I'm at
> the point where I can issue an ipsec auto --up Work-Home and get a
> connection up.
>
> As a side note, I had to manually insert the ipchains command to allow
> proto 50/51 through at the home end just before the deny all rule.
> Attempts in the network.conf file like EXTERN_PROTO0="50
> aaa.bbb.ccc.ddd/24" (and similar for proto 51) do not work (could be
> some script problem). Any thoughts?
>
> Anyway, sitting on the fw at home, I can ping machines in the internal
> net behind the fw at work. But I cannot ping machines in the internal
> net at home from the fw at work. This is probably some routing problem.
> The internal ip-range at home is 192.168.3.0, at work it is 192.168.1.0.
>
> I tried an: ip route add 192.168.3.0/24 via aaa.bbb.ccc.ddd dev ipsec0
> (aaa.bbb.ccc.ddd being the gateway we are using at work (not the address
> of the fw)). This does not work. I've included the connection sections
> below. Solutions anyone? (And as detailed as possible, as I'm learning
> as I go ;)

A simple configuration problem. You have specified a subnet-host connection, *NOT* a subnet-subnet connection. You are missing a rightsubnet=192.168.3.0/24 entry in both configuration files. Add this and your tunnel should begin working the way you want...note that all routing for the tunnels is done for you by IPSec, in general you should not have to manually add routes.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
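
Added example, not part of the original thread: a small Python check that parses ipsec.conf-style conn sections, reports whether each tunnel is subnet-host or subnet-subnet, and flags a conn whose subnet entries differ between the two ends. The conn body is constructed for illustration (the poster's actual sections are not shown on the page); `WORK_FW_IP` is a placeholder and `right=%any` is an assumption for the dynamic-IP home end.

```python
import re

# Constructed sample: a conn with no rightsubnet, as diagnosed in the reply,
# and the same conn with the suggested line added. WORK_FW_IP is a placeholder.
BEFORE = """\
conn Work-Home
    left=WORK_FW_IP             # work firewall (placeholder)
    leftsubnet=192.168.1.0/24
    right=%any                  # assumed: home end has no static IP
    auto=add
"""
AFTER = BEFORE.replace("    auto=add", "    rightsubnet=192.168.3.0/24\n    auto=add")


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # some other section type, e.g. "config setup"
    return conns


def tunnel_shape(conn):
    """Describe what each end of the tunnel covers: 'subnet' or 'host'."""
    left = "subnet" if "leftsubnet" in conn else "host"
    right = "subnet" if "rightsubnet" in conn else "host"
    return f"{left}-{right}"


def mismatches(text_a, text_b):
    """Conn names whose left/right subnets differ between the two ends."""
    a, b = parse_conns(text_a), parse_conns(text_b)
    return sorted(n for n in a.keys() & b.keys() if any(
        a[n].get(k) != b[n].get(k) for k in ("leftsubnet", "rightsubnet")))


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, tunnel_shape(parse_conns(text)["Work-Home"]))
```

Only the subnet entries are compared across the two files, since the `left`/`right` address values can legitimately differ between the ends when one side has a dynamic IP.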
