<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.<br><div><br><div><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica';">Diego Rodrigues Ferreira <<a href="mailto:katesclau@gmail.com">katesclau@gmail.com</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica';"><b>Multiple tunnels with 3G stations with Cisco RV180</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica';">August 20, 2014 at 1:04:53 PM GMT-4<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica';"><a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br></span></div><br><br><div dir="ltr"><div>Hello guys,</div><div><br></div><div>First post here, so please, be patient with me. </div><div><br></div><div>What I'm trying to accomplish is to connect different 3G or non-<span class="" id=":4br.88" tabindex="-1">static</span> <span class="" id=":4br.89" tabindex="-1">IP</span> <span class="" id=":4br.90" tabindex="-1">stations</span> to an <span class="" id=":4br.91" tabindex="-1">OpenSWAN</span> <span class="" id=":4br.92" tabindex="-1">VPN</span> Server. 
On sites, I have a <span class="" id=":4br.93" tabindex="-1">Cisco</span> RV180.</div>
<div><br></div><div>Objectives:</div><div><ul><li>Connect multiple dynamic <span class="" id=":4br.94" tabindex="-1">IP</span> routers to the <span class="" id=":4br.95" tabindex="-1">VPN</span>;</li><li>Routes between dynamic site - server and dynamic site - other dynamic site;</li>
</ul><div>Issues:</div></div><div><ul><li>So far, I could only connect 1 tunnel at a time, and other sites try to connect to the same <span class="" id=":4br.96" tabindex="-1">conn</span> as the first. </li><li><font face="arial, helvetica, sans-serif">Connections do not establish due to lack of identification - "<span style="">We cannot identify ourselves with either end of this connection"</span>;</font></li>
<li>Tried to use <span class="" id=":4br.97" tabindex="-1">leftid</span> and <span class="" id=":4br.98" tabindex="-1">rightid</span> - no go, and I cannot assert <span class="" id=":4br.99" tabindex="-1">IP</span> addresses to remote sites =´[;</li>
</ul><div>Any ideas on how I can accomplish this?</div></div><div>So this is my setup:<br></div><div><div><img width="582" height="401" apple-inline="yes" id="1F5C85B3-3D30-4D7B-B804-6B3175ADFC5B" apple-width="yes" apple-height="yes" src="cid:ii_hz2w3bqg1_147f44d43c3a18eb"><br></div><div>Server <span class="" id=":4br.100" tabindex="-1">config</span>:<br>
</div><div>Linux <span class="" id=":4br.101" tabindex="-1">Openswan</span> U2.6.37/K3.2.0-54-virtual (<span class="" id=":4br.102" tabindex="-1">netkey</span>) on an <br></div><div><span class="" id=":4br.103" tabindex="-1">Ubuntu</span> 12.04 Server x86_64</div>
<div><div><br></div><div><b>/etc/<span class="" id=":4br.104" tabindex="-1">ipsec</span>.<span class="" id=":4br.105" tabindex="-1">conf</span></b></div><div><div>version 2.0</div><div><br></div><div># basic configuration</div>
<div><span class="" id=":4br.106" tabindex="-1">config</span> setup</div><div>        <span class="" id=":4br.107" tabindex="-1">dumpdir</span>=/var/run/<span class="" id=":4br.108" tabindex="-1">pluto</span>/<br></div><div>
        interfaces=%<span class="" id=":4br.109" tabindex="-1">defaultroute</span></div><div>        <span class="" id=":4br.110" tabindex="-1">nat</span>_traversal=yes<br></div><div>        <span class="" id=":4br.111" tabindex="-1">oe</span>=off<br>
</div><div>        <span class="" id=":4br.112" tabindex="-1">protostack</span>=<span class="" id=":4br.113" tabindex="-1">netkey</span><br></div><div>        <span class="" id=":4br.114" tabindex="-1">plutostderrlog</span>=/var/log/<span class="" id=":4br.115" tabindex="-1">pluto</span>.log<br>
</div></div><div><br></div><div><span class="" id=":4br.116" tabindex="-1">conn</span> SITE1</div><div>        right=%any<br></div><div>        <span class="" id=":4br.117" tabindex="-1">rightsubnet</span>=<a href="http://192.168.0.0/16">192.168.0.0/16</a></div>
<div>        <span class="" id=":4br.118" tabindex="-1">rightnexthop</span>=%<span class="" id=":4br.119" tabindex="-1">defaultroute</span></div><div>        <span class="" id=":4br.120" tabindex="-1">rightsourceip</span>=192.168.4.1</div>
<div>        also=main-tunnel-<span class="" id=":4br.121" tabindex="-1">config</span></div><div><br></div><div><div><span class="" id=":4br.122" tabindex="-1">conn</span> SITE2</div><div>        right=%any<br></div><div>
        <span class="" id=":4br.123" tabindex="-1">rightsubnet</span>=<a href="http://192.168.0.0/16">192.168.0.0/16</a></div><div>        <span class="" id=":4br.124" tabindex="-1">rightnexthop</span>=%<span class="" id=":4br.125" tabindex="-1">defaultroute</span></div>
<div>        <span class="" id=":4br.126" tabindex="-1">rightsourceip</span>=192.168.5.1</div><div>        also=main-tunnel-<span class="" id=":4br.127" tabindex="-1">config</span></div></div><div><br></div><div><div><span class="" id=":4br.128" tabindex="-1">conn</span> SITE3</div>
<div>        right=%any<br></div><div>        <span class="" id=":4br.129" tabindex="-1">rightsubnet</span>=<a href="http://192.168.0.0/16">192.168.0.0/16</a></div><div>        <span class="" id=":4br.130" tabindex="-1">rightnexthop</span>=%<span class="" id=":4br.131" tabindex="-1">defaultroute</span></div>
<div>        <span class="" id=":4br.132" tabindex="-1">rightsourceip</span>=192.168.6.1</div><div>        also=main-tunnel-<span class="" id=":4br.133" tabindex="-1">config</span></div></div><div><br></div><div><span class="" id=":4br.134" tabindex="-1">conn</span> main-tunnel-<span class="" id=":4br.135" tabindex="-1">config</span><br>
</div><div>        <span class="" id=":4br.136" tabindex="-1">authby</span>=secret</div><div>        <span class="" id=":4br.137" tabindex="-1">pfs</span>=yes</div><div>        <span class="" id=":4br.138" tabindex="-1">keyingtries</span>=1</div>
<div>        type=tunnel</div><div>        <span class="" id=":4br.139" tabindex="-1">ike</span>=aes256-sha1;modp1536</div><div>        phase2=esp</div><div>        phase2alg=<span class="" id=":4br.140" tabindex="-1">aes</span>-sha1;modp1536</div>
<div>        lifetime=86400s</div><div>        <span class="" id=":4br.141" tabindex="-1">aggrmode</span>=no</div><div>        #Left security gateway, <span class="" id=":4br.142" tabindex="-1">subnet</span> behind it, <span class="" id=":4br.143" tabindex="-1">nexthop</span> toward right.</div>
<div>        left=&lt;SERVER-<span class="" id=":4br.144" tabindex="-1">IP</span>&gt;</div><div>        <span class="" id=":4br.145" tabindex="-1">leftsubnet</span>=<a href="http://192.168.200.0/24">192.168.200.0/24</a></div>
<div>        <span class="" id=":4br.146" tabindex="-1">leftnexthop</span>=%<span class="" id=":4br.147" tabindex="-1">defaultroute</span></div><div>        <span class="" id=":4br.148" tabindex="-1">leftsourceip</span>=192.168.200.1</div>
<div>        auto=start</div></div><br></div><div><b>/etc/<span class="" id=":4br.149" tabindex="-1">ipsec</span>.secrets</b></div><div><div>&lt;SERVER-<span class="" id=":4br.150" tabindex="-1">IP</span>&gt; %any : <span class="" id=":4br.151" tabindex="-1">PSK</span> "password"</div>
<div><br></div><div>Some of my refs so far:</div><div><a href="https://lists.openswan.org/pipermail/users/2010-February/018281.html">https://lists.openswan.org/pipermail/users/2010-February/018281.html</a><br>
</div><div><a href="https://lists.openswan.org/pipermail/users/2006-October/010822.html">https://lists.openswan.org/pipermail/users/2006-October/010822.html</a><br></div><div>
<a href="http://osdir.com/ml/network.openswan.user/2005-04/msg00210.html">http://osdir.com/ml/network.openswan.user/2005-04/msg00210.html</a><br></div><div style="font-weight:bold"><br></div></div><div>
<br></div><div>Thanks in advance! Cheers</div><div><br></div><br clear="all"><div><div dir="ltr"><div>Eng° Diego <span class="" id=":4br.158" tabindex="-1">Rodrigues</span> <span class="" id=":4br.159" tabindex="-1">Ferreira</span>,<br>
</div><div><font color="#888888"><span class="" id=":4br.160" tabindex="-1">MCA</span> <span class="" id=":4br.161" tabindex="-1">Sistemas</span></font></div><div><font color="#888888"><font color="#888888"><a href="mailto:diegoferreira@mcasistemas.com.br" target="_blank"><span class="" id=":4br.162" tabindex="-1">diegoferreira</span>@<span class="" id=":4br.163" tabindex="-1">mcasistemas</span>.com.<span class="" id=":4br.164" tabindex="-1">br</span></a></font></font></div>
<div><font color="#888888"><span class="" id=":4br.165" tabindex="-1">Skype</span>: <span class="" id=":4br.166" tabindex="-1">diegoferreira</span>.eel<br><a value="+554821072767">+55 48 30281504</a><br><a value="+554888552508">+55 48 96734424<div>
<br></div></a></font></div></div></div>
</div>
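An added example, not part of the original post and not Openswan code: a small lint over the conn sections above that reports site conns whose peer-identifying fields are identical after also= is applied, and conns that combine right=%any with auto=start. The names PEER_KEYS, parse_conns and lint are hypothetical, the choice of peer-identifying fields is an assumption, and only one level of also= is followed.

```python
from collections import defaultdict

# Constructed sample: two site conns and the shared section, reduced from the
# post's /etc/ipsec.conf; <SERVER-IP> is the post's own placeholder.
SAMPLE_CONF = """\
conn SITE1
        right=%any
        rightsubnet=192.168.0.0/16
        rightsourceip=192.168.4.1
        also=main-tunnel-config
conn SITE2
        right=%any
        rightsubnet=192.168.0.0/16
        rightsourceip=192.168.5.1
        also=main-tunnel-config
conn main-tunnel-config
        left=<SERVER-IP>
        auto=start
"""
# Assumption: the fields a responder can use to tell one peer from another.
PEER_KEYS = ("right", "rightid", "rightsubnet")

def parse_conns(text):
    """Return {name: {key: value}} for each 'conn' section (other sections skipped)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                     # section header in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(text):
    conns = parse_conns(text)
    templates = {c["also"] for c in conns.values() if "also" in c}
    groups, findings = defaultdict(list), []
    for name in sorted(n for n in conns if n not in templates):
        own = conns[name]
        eff = {**conns.get(own.get("also"), {}), **own}   # the conn's own keys win
        groups[tuple(eff.get(k) for k in PEER_KEYS)].append(name)
        if eff.get("right") == "%any" and eff.get("auto") == "start":
            findings.append(f"{name}: auto=start with right=%any, no address to initiate to")
    findings += [f"identical peer selectors: {', '.join(g)}" for g in groups.values() if len(g) > 1]
    return findings
```

Calling lint(SAMPLE_CONF) returns one finding per site conn for auto=start and one finding that groups SITE1 and SITE2, which differ only in rightsourceip.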
<br><br></div></div></div><br></body></html>