[Users] routing through two tunnels not working
From: Andreas Müller <afm(at)othello.ch>
Date: Thu Apr 22 2004 - 15:57:10 EDT
However, when we send packets from subnet 10.222.x.x to 10.223.x.x, both remote offices, we see packets enter the central office's gateway, and tcpdump -i ipsec0 sees them. The iptables on the gateway also logs and accepts them. But nothing ever gets routed to 10.223.x.x. ASCII-graphically, the situation looks as follows:

        remote office 10.222.x.x
       /
      /
central gateway (10.x.x.x)
      \
       \
        remote office 10.223.x.x

As a workaround, we tried to establish a direct tunnel between the two remote offices, and were partly successful: an SA was established and both gateways have keys, and we also see entries in the routing tables at each remote office for the other remote office. Unfortunately, packets from 10.222.x.x to 10.223.x.x still get routed via the central gateway.

How can we get the remote offices' gateways to route packets through the tunnel they have between themselves? So far, we have leftsubnet=10.0.0.0/8 for the central gateway, which seems to work ok. Do we need to write out the class B networks at the central location in detail?

With warm regards,
Andreas Müller
--
Dr. Andreas Müller, Beratung und Entwicklung
CH-8852 Altendorf, Bubental 53, Switzerland
Tel: +41 55 4621483 Fax: +41 55 4621485
_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
Received on Thu Apr 22 15:58:08 2004