LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-09-2005, 09:01 AM   #1
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Can I Route Specific Addresses Through an IPSec VPN Tunnel?


Good Morning, All,

I've set up an IPCop 1.4.10 box in both my home and office, trying to see if I can do this:

--Route all traffic for the SMTP server to go through the VPN tunnel to my office, through the IPCop box there on the local network.

--Route all traffic going to the server (which has a public address on the internet) to go through the VPN tunnel instead.

Is this possible? I've tried to manually add some "route add -net ..." and "route add -host ..." statements on the home IPCop box at the console, but no luck.

How would I go about doing this? Or is there a limit to the number of hops for IPSec traffic?

The VPN is functional, as I can access machines within the office's IPCop subnet (192.168.10.x) from the home IPCop network (192.168.1.x) and vice-versa. However, attempting to access the server results in it going through the home IPCop box routing to the local carrier--not over the VPN. Same for SMTP access...

If this can work then I look forward to deploying the same setup to our remote offices... the VPN tunnels in use at the present are overloaded and particularly slow and unreliable.


I sincerely appreciate any/all thoughts on this. Thanks in advance!
 
Old 12-09-2005, 06:20 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,367
Blog Entries: 4

Rep: Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337
VPN is special... it uses setkey rules, not route, on the box that is doing the work.

Start with the VPN HowTo of the Linux Documentation Project ...
Quote:
"Good luck, Jim..." --Bones
"Abandon all hope, ye who enter here." --The Inferno
"A-A-A-A-A-A-AU-G-G-G-G-HH!" --Linus (van Pelt)
 
Old 12-09-2005, 07:15 PM   #3
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Original Poster
Rep: Reputation: 63
Sundialsvcs,

Thanks for the reply. Going to your link now!


Strick1226
 
Old 12-15-2005, 08:30 AM   #4
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Original Poster
Rep: Reputation: 63
Hmm... even when I tried to setup a static route and assign to my ipsec0 interface, it doesn't fail--but doesn't seem to be encrypted, as ifconfig shows eth1 with all the traffic, not ipsec0.

Do I need to modify the metric assignments manually, in order to force traffic for a certain subnet to go over the ipsec0 interface?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPsec fails to open tunnel KaMakani Linux - Networking 0 10-12-2005 11:54 PM
IPSec tunnel over multiple interfaces tylerl Linux - Networking 0 07-21-2005 05:07 PM
creating a vpn tunnel to windows 2003 machine with ISA2003 using IPSec from RHES 3.0 gauravjee Linux - Networking 0 08-26-2004 06:05 AM
IPSEC Tunnel behind NAT pssst_yeah_you Linux - Networking 0 06-23-2004 04:54 PM
2.6 IPSEC Tunnel mode gateway mhiggins Linux - Networking 1 02-28-2004 01:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration