From: "Christopher J. Michaels"
Date: Fri, 30 Nov 2001 16:29:42 -0500 (EST)
Subject: Routing over an IPSEC tunnel.
To: freebsd-questions@freebsd.org

Hello,

I have what seems to be (but shouldn't be) a fairly complex routing problem that I was hoping I could get some assistance on. I couldn't find anything in the archives on this.

I have 3 private networks that are all connected through IPsec (ESP) tunnels (over the Internet). The individual tunnels are all working fine.

    10.0.0/24     [FreeBSD 4.4-STABLE]
    10.2.1/24     [FreeBSD 4.4-STABLE]
    192.168.0/24  [Linux w/ FreeS/WAN]

The current config is as follows:

    [10.0.0.1]  <-tunnel->  [10.0.2.1]  <-tunnel->  [192.168.0.1]
    [10.0.0/24]             [10.0.2/24]             [192.168.0/24]

10.0.0/24 can talk to 10.0.2/24 just fine, and 10.0.2/24 and 192.168.0/24 can talk just fine. What I would like to do is route the two outer networks through 10.0.2.1. I can't seem to make this work; any assistance would be appreciated.
I can't write a route statement that will pass the traffic through.

Thanks,
--Chris

p.s. Just to be clear: while I am using NAT to route the private nets to the Internet, I am NOT using NAT to route the private networks together. This is evidenced by the fact that my tunnels work even when I flush my ipfw rules. ed0 is my public interface. rl0 is my LAN interface.

=============================
The output of 'netstat -nr' is as follows (public IPs are masked with 'xx'):

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xx.xx.xx.xx        UGSc       20  1953740    ed0
10/24              10.0.2.1           UGSc        1      227    rl0
10.0.1/24          10.0.2.1           UGSc        2    16975    rl0
10.0.2.0           ff:ff:ff:ff:ff:ff  UHLWb       0       97    rl0 =>
10.0.2/24          link#2             UC          3        0    rl0
10.0.2.1           127.0.0.1          UH         19    14278    lo0
10.0.2.253         0:a0:cc:36:33:93   UHLW        4  1152013    rl0    735
10.0.2.255         ff:ff:ff:ff:ff:ff  UHLWb       1    11812    rl0
xx.xx.xx/22        link#1             UC          2        0    ed0
xx.xx.xx.xx        0:b0:64:b7:97:54   UHLW       20    28176    ed0   1199
xx.xx.xx.xx        0:0:e8:e0:f8:ec    UHLW        0    28565    lo0
127.0.0.1          127.0.0.1          UH          3   182417    lo0
192.168.0          10.0.2.1           UGSc        1     1102    rl0
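As an added illustration, not part of the original post or thread, the following shows the kind of setkey(8) security-policy entries a hub-and-spoke layout like the one above needs on the FreeBSD hub and spoke: the spoke-to-spoke subnet pair must be covered by a tunnel policy on every hop, in both directions. A_PUB, HUB_PUB and B_PUB are placeholders for the public addresses of 10.0.0.1, 10.0.2.1 and 192.168.0.1, and it is assumed the Linux side is FreeS/WAN with a conn per subnet pair.

```conf
# Added example (not from the post): SPD entries for transit traffic between
# 10.0.0/24 and 192.168.0/24 through the hub 10.0.2.1. A_PUB, HUB_PUB and
# B_PUB are placeholders for the public addresses. Load each section on its
# own host with:  setkey -f <file>

# --- hub (10.0.2.1) --------------------------------------------------------
# Forwarded packets are checked against the SPD on output like locally
# generated ones, so without an "out" policy for the spoke-to-spoke subnet
# pair they would leave ed0 in the clear (or, with "require" on the far end,
# be rejected). The matching "in" policies cover the decapsulated packets.
spdadd 10.0.0.0/24    192.168.0.0/24 any -P out ipsec esp/tunnel/HUB_PUB-B_PUB/require;
spdadd 192.168.0.0/24 10.0.0.0/24    any -P in  ipsec esp/tunnel/B_PUB-HUB_PUB/require;
spdadd 192.168.0.0/24 10.0.0.0/24    any -P out ipsec esp/tunnel/HUB_PUB-A_PUB/require;
spdadd 10.0.0.0/24    192.168.0.0/24 any -P in  ipsec esp/tunnel/A_PUB-HUB_PUB/require;

# --- spoke A (10.0.0.1) ----------------------------------------------------
# The far network is reached through the hub's public address, not the
# FreeS/WAN gateway directly; the hub re-encapsulates on its second tunnel.
spdadd 10.0.0.0/24    192.168.0.0/24 any -P out ipsec esp/tunnel/A_PUB-HUB_PUB/require;
spdadd 192.168.0.0/24 10.0.0.0/24    any -P in  ipsec esp/tunnel/HUB_PUB-A_PUB/require;

# --- spoke B (Linux, FreeS/WAN) --------------------------------------------
# The equivalent on the FreeS/WAN side (assumed): a second conn to HUB_PUB
# with leftsubnet=192.168.0.0/24 and rightsubnet=10.0.0.0/24, since the
# existing conn only covers 10.0.2.0/24.
```

Each subnet pair with its own policy gets its own phase-2 SA, so the key daemon on both ends must agree on these selectors; "require" rather than "use" keeps a missing SA from silently falling back to cleartext.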