On Sat, Feb 23, 2008 at 05:47:18PM +0200, Alexey Vatchenko wrote:
> Hi guys!
>
> I'm trying to configure IPSec tunnel between home gateway and office
> gateway. Home gateway has dynamic IP, office gateway has static IP.
>
> The problem is when home gateway establishes IPSec tunnel with office
> gateway, computers from office network cannot connect to office gateway
> (but they still can get Internet through the gateway).
>
> Here is what I do:
>
> Office network: 192.168.0.0/24
> ipsec.conf: ike passive esp from 192.168.0.0/24 to any local egress
> dstid [EMAIL PROTECTED] psk xxx
>
> Home
> ipsec.conf: ike dynamic esp from any to 192.168.0.0/24 peer
> OFFICE_EXTERNAL_IP srcid [EMAIL PROTECTED] psk xxx
>
> So, please, shed some light on what I do wrong.

You need to declare a bypass flow on the side of the network where the router, presumably on 192.168.0.0/24, requires communication to the local network segment also on 192.168.0.0/24. It is probably trying to send this across the tunneled wire, which won't reach its destination. Create a bypass for flows from 192.168 to 192.168, like so:

flow esp from 192.168.0.0/24 to 192.168.0.0/24 type bypass
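
Added example, not part of either poster's message: a small Python check that flags an ipsec.conf rule whose source network also lies inside its own destination selector (as with "from 192.168.0.0/24 to any") unless a bypass flow covers it. The parser handles only the two rule forms shown in this thread; the function names and the user@example.invalid ID (standing in for the redacted value) are assumptions.

```python
import ipaddress
import re

# Matches the "ike ... from X to Y ..." and "flow ... from X to Y ..." forms only.
RULE = re.compile(r"^(ike|flow)\b.*?\bfrom\s+(\S+)\s+to\s+(\S+)(.*)$")

def to_net(token):
    # "any" in ipsec.conf selectors means every address.
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def parse(conf):
    """Return (kind, src_net, dst_net, is_bypass) for each ike/flow line."""
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line.strip())
        if m:
            kind, src, dst, rest = m.groups()
            rules.append((kind, to_net(src), to_net(dst), "type bypass" in rest))
    return rules

def uncovered_local_overlaps(conf):
    """Source networks that a tunnel selector also covers as destination,
    with no bypass flow exempting local-to-local traffic."""
    rules = parse(conf)
    bypasses = [(s, d) for _, s, d, is_bypass in rules if is_bypass]
    findings = []
    for _, src, dst, is_bypass in rules:
        if is_bypass or not src.subnet_of(dst):
            continue  # selector cannot match traffic inside the source network
        if not any(src.subnet_of(bs) and src.subnet_of(bd) for bs, bd in bypasses):
            findings.append(str(src))
    return findings

# Constructed sample input based on the office rule quoted in the thread.
OFFICE_BEFORE = (
    "ike passive esp from 192.168.0.0/24 to any local egress "
    "dstid user@example.invalid psk xxx\n"
)
OFFICE_AFTER = OFFICE_BEFORE + (
    "flow esp from 192.168.0.0/24 to 192.168.0.0/24 type bypass\n"
)

if __name__ == "__main__":
    print("before:", uncovered_local_overlaps(OFFICE_BEFORE))
    print("after: ", uncovered_local_overlaps(OFFICE_AFTER))
```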