[Gllug] Please fix my network (reward offered)

Bruce Richardson itsbruce at uklinux.net
Fri Dec 17 12:20:35 UTC 2004


On Thu, Dec 16, 2004 at 11:27:03AM +0000, Darren wrote:
> Hi
> 
> I've spent far too long on this so I'm willing to offer a
> reward/charity donation/crate of wine/whatever to the first person who
> can tell me how to allow machines on my home network to connect to
> machines on my office network via my ipcop VPN.
> 
> In short I can get to the first network over the VPN but I cannot
> 'see' the second interface of the bridge machine.

You cannot do what you are trying to do the way you are trying to do it,
if I have understood your intentions correctly.

You cannot use an IPSec tunnel as just another subnet over which traffic
between other, connected subnets can be routed.  An IPSec policy defines
the absolute source and destination of the traffic going across it (and
this is intentional: it's a security feature).  This means that if you
have an IPSec tunnel between subnets A and B, you cannot use it to route
between A and C, where C is directly connected to B.  If you want to
achieve that using an IPSec tunnel you have to further encapsulate the
traffic by, for example, creating a point-to-point tunnel between a host
on A and a host on B and then route over that tunnel to get to C.  The
IPSec tunnel would be happy as it would only be seeing traffic between
A and B.

-- 
Bruce

The ice-caps are melting, tra-la-la-la.  All the world is drowning,
tra-la-la-la-la.  -- Tiny Tim.
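
The selector behaviour described in the reply above, modelled as an added example that is not part of the original post. The three subnets, the host addresses and the choice of GRE as the point-to-point tunnel are assumptions made for illustration.

```python
"""Model of IPsec policy selectors vs. routed traffic (all addresses are constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example subnets: A = home LAN, B = office LAN reached by the
# IPsec tunnel, C = second network directly connected to a host on B.
NET_A = ip_network("192.168.1.0/24")
NET_B = ip_network("10.0.0.0/24")
NET_C = ip_network("10.0.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    inner: Optional["Packet"] = None  # set when this packet carries another

@dataclass(frozen=True)
class Policy:
    """One tunnel-mode policy: traffic is accepted only between these two nets."""
    left: object
    right: object

    def matches(self, pkt: Packet) -> bool:
        s, d = ip_address(pkt.src), ip_address(pkt.dst)
        return (s in self.left and d in self.right) or \
               (s in self.right and d in self.left)

def encapsulate(inner: Packet, local: str, remote: str) -> Packet:
    """Wrap a packet in a point-to-point tunnel (GRE assumed) between two hosts."""
    return Packet(src=local, dst=remote, proto="gre", inner=inner)

def deliver(pkt: Packet, policy: Policy) -> Optional[Packet]:
    """Return the packet that emerges at the far side, or None if dropped."""
    if not policy.matches(pkt):
        return None  # selectors do not cover this source/destination pair
    return pkt.inner if pkt.inner is not None else pkt

A_TO_B = Policy(NET_A, NET_B)
HOME_HOST, BRIDGE_HOST, FAR_HOST = "192.168.1.10", "10.0.0.5", "10.0.1.20"

direct = Packet(HOME_HOST, FAR_HOST)                   # A -> C, routed as-is
wrapped = encapsulate(direct, HOME_HOST, BRIDGE_HOST)  # outer header is A -> B

if __name__ == "__main__":
    print("direct A->C :", deliver(direct, A_TO_B))
    print("wrapped A->B:", deliver(wrapped, A_TO_B))
```

The direct packet is dropped because its destination falls outside the policy, while the wrapped packet passes and its inner A-to-C packet emerges on the bridge host, which can then forward it onto C.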