From: Andrew B. <an...@hi...> - 2004-10-31 15:16:45
Tony,

> After setting up an ipsec tunnel from blue- once the tunnel is up, the
> laptop can ping into green but loses access to the internet out via
> red. Only traffic for green is tunnelled, the rest is dropped.
>

Having fought this battle myself not so long ago....

"Blue Access" and "VPN on Blue" appear to be mutually exclusive (note 1), at least on a per-client basis.

If you want a Blue Client to access both Green and Red, what you do is turn off "Blue Access" and set up a VPN such that ALL TRAFFIC (even that destined for the outside world) from the client is routed down the tunnel. IPCop will then send it in its separate directions.

In the IPCop VPN setup you want to set the "local subnet" to:

0.0.0.0/0.0.0.0

You need to do the same thing for the "remote subnet" in your client software.

(Note 1: I haven't investigated what happens if client 'A' routes everything down a VPN, and then "Blue Access" is enabled to allow a non-VPN client to just access the 'net. When I have a few spare minutes I might just give it a whirl - if I ever get my RoadWarrior sorted out first!)

Good luck.

Regards,
Andrew Borland (UK)