<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
What sort of VPN are you attaching to GW1? Do devices on that VPN
get a route to 10.2.10.0/24 via 10.1.10.1?<br>
<br>
Also you will need to set up an extra subnet in your ipsec VPN which
shows 172.16.10.0/24 being at GW1. Check out the left/rightsubnet<font
color="#ff0000"><b>s</b></font> parameter.<br>
<br>
Are 10.1.10.1 and 10.2.10.1 LAN or WAN IP's in you set up? Perhaps
post your conf.<br>
<br>
Nick<br>
<div class="moz-cite-prefix">On 18/01/2015 16:53, Phil Daws wrote:<br>
</div>
<blockquote
cite="mid:958874910.412503.1421599989362.JavaMail.zimbra@innovot.com"
type="cite">
<pre wrap="">
Hello all:
am trying to get my head around routing across an IPSEC tunnel but its sending me crazy! Here is the layout:
GW1: 10.1.10.1
GW2: 10.2.10.1
>From GW1 I can now reach all interfaces on GW2 and vice versa; yippee!
Now, if I introduce the VPN which is connected to GW1 with a network of 172.16.10.0/24, and when connected my client receives 172.16.10.2, I am able to reach all nodes on the 10.1.10.0/24 network but nothing at all on the 10.2.10.0/24 network ?!?! Have checked the routing information and that seems correct; I think:
10.2.0.0/16 dev eth0 scope link src 10.1.10.1
172.16.10.0/24 dev tun0 proto kernel scope link src 172.16.10.1
I see it hit the external interface but then does not reach the other side :(
16:52:33.553238 IP 37.XXX.XXX.XXX > 10.2.10.10: ICMP echo request, id 1, seq 262, length 40
Any help would be appreciated please.
Thanks, Phil
(null)
(null)
_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
</blockquote>
<br>
</body>
</html>