Re: [Ipsec-tools-devel] IPSEC tunnel. Packets are not sent from gateway

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tue, 2009-07-28 at 22:19, ZAKIR AHMED wrote:
> I have answered your questions. Please let me know if you require other info
> --- On Mon, 27/7/09, Milan P. Stanic <mp...@ar...> wrote:
[...]
> > Do hosts B and C have only one interfaces or they have
> > two?
> All are single homed. All of these PC's are normal Linux PC's with one interface

I'm sorry but I never set IPsec with single homed gateways so I can't
tell from experience if that could work. In theory it should but I don't
know for sure.

[...]
> > Strange. Your routing table is probably wrong because you
> > set it to use
> > same interface for different networks.
> > Or you set it that way by intention?
> There is a D-Link Switch that is present for 2 different networks. Machine A and B are connected one switch and Machine C and D are connected to the second switch. These switches are directly connected. Since there is only one interface, I am forced to play using routing tables only

If you allow me to give an advice to you I will say that you can use
some of virtual machines (UML, KVM, VirtualBox ...) to set complete
virtual network and test whatever you want in networking. It is far
easier than with real computers. After successful tests you can easily
move configs to real world machines.

> > I see that you have iproute installed. Could you use "ip
> > route" command
> > to show routing table because it is more rich with data
> > which is shown.
> ip route commands for machine 
> Machine A
> 107.10.207.0/24 dev eth0  scope link
> default via 107.10.207.180 dev eth0

Doesn't ip route shows source address to?

And, did you set two IP addresses for hosts B and C on their eth0
interfaces?

> Machine B
> ip route
> 107.10.71.229 via 107.10.71.230 dev eth0 
> 107.10.71.230 dev eth0 
> 107.10.207.0/24 dev eth0 
> 
> Machine C
> ip route
> 107.10.207.53 via 107.10.207.180 dev eth0 
> 107.10.207.180 dev eth0 
> 107.10.71.0/24 dev eth0 
> 
> Machine D
> 107.10.71.0/24 dev eth0  scope link
> default via 107.10.71.230 dev eth0

-- 
Kind regards,  Milan
--------------------------------------------------
Arvanta, IT Security        http://www.arvanta.net
Please do not send me e-mail containing HTML code.