vpn via route
Hello!
I have a Squid proxy also functioning as a VPN gateway behind my ISP router, which I am not able to configure. Now I set up a VPN the following way:

Squid/VPNGW(IP:1) --> ISPRouter(IP:2) --> vpn Gateway(IP:3) --> web-Server(IP:4)

The task is to reach the web server through the VPN tunnel from the network behind my Squid/VPNGW. The VPN comes up perfectly and everything seems to work fine, but I think I have a routing problem.

My Squid/vpnGW has a public IP address (let's say this is 1). The default gw for my Squid/vpnGW needs to be the ISPRouter (let's say this one has the IP 2). Now in my ipsec.conf I added nextlefthop=2 (the IP of the ISPRouter). Because of that, my "route -n" shows me that the route for IP:4 (which is a private address, something like 172.98.0.1) is via the ISPRouter (IP:2), which (of course) does not know anything about my ESP tunnel.

How can that be solved?

My ipsec.conf:
|
Sure you can, but I just do not know what to add or remove.
I think the leftnexthop should be my SquidGW (IP:1), but that does not work. Also, if I insert the IP of the external VPNGW, the ipsec.conf does not work. What to do?
|
Please send the "route -n" output here.
|
/usr/sbin/ipsec auto --verbose --up TEST
002 "TEST" #1: initiating Main Mode
104 "TEST" #1: STATE_MAIN_I1: initiate
003 "TEST" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
003 "TEST" #1: received Vendor ID payload [Dead Peer Detection]
003 "TEST" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
002 "TEST" #1: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
... .. .
004 "test" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x1f59524b <0x963d3ad7}

# route -n
Kernel IP Routentabelle
>>>>> Is the interesting part. This is our ISP's Router.
|
Quote:
leftnexthop=xx.x.x.81
I would say that everything is alright.
|
That's what I thought, but I can't reach the other network.
|
OK, the GW for the IPs in rightsubnet needs to be the gw-Server itself. Then the ping lands in the ESP tunnel.
I already get an answer, but this cannot be encrypted. What the .... is that.... let's see...
|