Can I Route Specific Addresses Through an IPSec VPN Tunnel?
Good Morning, All,
I've set up an IPCop 1.4.10 box in both my home and office, trying to see if I can do this:
--Route all traffic for the SMTP server to go through the VPN tunnel to my office, through the IPCop box there on the local network.
--Route all traffic going to the server (which has a public address on the internet) to go through the VPN tunnel instead.
Is this possible? I've tried to manually add some "route add -net ..." and "route add -host ..." statements on the home IPCop box at the console, but no luck.
How would I go about doing this? Or is there a limit to the number of hops for IPSec traffic?
The VPN is functional, as I can access machines within the office's IPCop subnet (192.168.10.x) from the home IPCop network (192.168.1.x) and vice-versa. However, attempting to access the server results in it going through the home IPCop box routing to the local carrier--not over the VPN. Same for SMTP access...
If this can work then I look forward to deploying the same setup to our remote offices... the VPN tunnels in use at the present are overloaded and particularly slow and unreliable.
I sincerely appreciate any/all thoughts on this. Thanks in advance!
Hmm... even when I tried to set up a static route and assign it to my ipsec0 interface, it doesn't fail--but doesn't seem to be encrypted, as ifconfig shows eth1 with all the traffic, not ipsec0.
Do I need to modify the metric assignments manually, in order to force traffic for a certain subnet to go over the ipsec0 interface?