[Swan] VPN -> GW -> IPSEC -> GW -> HOST

Phil Daws uxbod at splatnix.net
Sun Jan 18 18:53:09 EET 2015


Hello all:

am trying to get my head around routing across an IPSEC tunnel but its sending me crazy!  Here is the layout:

GW1: 10.1.10.1
GW2: 10.2.10.1

>From GW1 I can now reach all interfaces on GW2 and vice versa; yippee!

Now, if I introduce the VPN which is connected to GW1 with a network of 172.16.10.0/24, and when connected my client receives 172.16.10.2, I am able to reach all nodes on the 10.1.10.0/24 network but nothing at all on the 10.2.10.0/24 network ?!?!  Have checked the routing information and that seems correct; I think:

10.2.0.0/16 dev eth0  scope link  src 10.1.10.1
172.16.10.0/24 dev tun0  proto kernel  scope link  src 172.16.10.1

I see it hit the external interface but then does not reach the other side :(

16:52:33.553238 IP 37.XXX.XXX.XXX > 10.2.10.10: ICMP echo request, id 1, seq 262, length 40

Any help would be appreciated please.

Thanks, Phil
(null)
(null)


More information about the Swan mailing list