FreeS/WAN

Deven Phillips, CISSP dphillips at viata.com
Sat Jun 16 19:44:26 PDT 2001 

Jimen,

	How did you configure the new subnet declarations??? Here's the way
that I did it:

# Primary declaration
	right		216.136.85.231
	rightnexthop	216.136.85.224
	rightsubnet	192.168.0.0/24
	left		64.29.82.71
	leftnexthop	64.29.82.64
	leftsubnet	192.168.10.0/24
	# Include key info and other options as well

# Second subnet
	right		216.136.85.231
	rightnexthop	216.136.85.224
	rightsubnet	192.168.0.0/24
	left		64.29.82.71
	leftnexthop	64.29.82.64
	leftsubnet	151.193.141.0/24
	# Include key info and other options as well

# Third subnet
	right		216.136.85.231
	rightnexthop	216.136.85.224
	rightsubnet	192.168.0.0/24
	left		64.29.82.71
	leftnexthop	64.29.82.64
	leftsubnet	151.193.130.0/24
	# Include key info and other options as well

Hope that this helps, and also that is not a standard ping relpy that I
get. I can always ping and telnet to machines on the other end of the
tunnel. Everything should appear as if there is a direct connection
between you and the other network from my experience. The only problem I
have really noticed is that when trying to get FreeS/WAN to act as a
single host to subnet or single host to single host tunnel. IPSEC was
never really designed for that. If you are looking for a single host to
subnet or single host to single host tunnel look into L2TP or PPTP.

Deven Phillips, CISSP
Network Architect
Viata Online, Inc.


Jimen Ching wrote:
> 
> On Thu, 14 Jun 2001, Deven Phillips wrote:
> >       FreeS/WAN is kind of limited for that. What we have had to do on
> >previous occasions is define a new tunnel for each subnet we wish to
> >tunnel. i.e., one FreeS/WAN tunnel definition for each subnet. Hope this
> >helps.
> 
> Hi,
> 
> Thanks for the suggestion.  I tried using a tunnel for the additional
> subnets.  The tunnel seems to have established ok.  But when I tried to
> ping a host on the new subnet, I get a response from the gateway address.
> Is this a bug in ping, or is my configuration broken?  Though ping gets a
> response, commands like telnet does not work.
> 
> Is there anything more I have to do besides configuring another tunnel?
> 
> --jc
> --
> Jimen Ching (WH6BRR)      jching at flex.com     wh6brr at uhm.ampr.org
> 
> ---
> You are currently subscribed to luau as: dphillips at viata.com
> To unsubscribe send a blank email to $subst('Email.Unsub')

More information about the LUAU mailing list