[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec Questions.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IPSec Questions.
- From: Greg Thomas <getbsd_(_at_)_sbcglobal_(_dot_)_net>
- Date: Sun, 24 Nov 2002 15:01:21 -0800
On Sunday, Nov 24, 2002, at 14:37 US/Pacific, Craig Hammond wrote:
Also it seems that the PC running isakmpd can't talk to the private
IP's on the other size of the tunnel. Is this correct, or have I done
Also quite normal, as it sounds like your tunnel does not include the
endpoints. Look at the generated SAs (netstat -rn -f encap), the >peer
addresses are not part of them.
If you want them included, create tunnels for them as well. In a
"typical" setup, this means a total of four tunnels(/Connections).
Thanks for that info, but how do I create those extra two tunnels???
Considering my newbieness take this with a grain of salt. But I
believe under Phase 2 on both hosts add 3 more Connections=, and under
the tags for Remote-ID and Local-IDs change ID_type= from
IPV4_ADDR_SUBNET to IPV4_ADDR, and change Network= to Address= where
At a high-level you have a tunnel from network from network, but now
you need to add network1 to host2, network 2 to host1, and I think
host1 to host2.
Hopefully Hakan will check in if I'm way off on this.