[Openswan Users] Hub and Spoke
Paul Wouters
paul at xelerance.com
Wed May 26 16:41:14 CEST 2004
On Wed, 26 May 2004, Trevor Benson wrote:
> Are there any good howto's on how to get openswan to do a hub and spoke.
> I did some testing with adjusting the tunnels subnet, but this just
> broke the tunnel so traffic destined for the other network never
> responded. Do I need to manually add a route to the hub?
I assume you mean a setup like:

  A  B  C
   \ | /
  F-hub-E

If you now want to send traffic from A to C via IPsec on HUB, you should
make a conn on A and hub that specifies A's subnet as right, and C's subnet as
left. You will need a similar conn on C and hub.
Unless you set up broader tunnels. Assume that A is 10.0.1.0/24, B is 10.1.2.0/24
and C is 10.1.3.0/24, then you can define a tunnel from A with 10.1.0.0/16
or perhaps even 10.0.0.0/8.
Do not use 'route add whatever gw someIPatHub' because A will drop those packets
because it is lacking a proper IPsec policy for those packets.
Paul
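
Added example, not part of the original message: a Python sketch that writes out the per-pair conns the reply describes (hub as left carrying the far subnet, spoke as right) and checks which spokes a broader tunnel would cover. The subnets are the ones in the message; the gateway addresses, the `auto=start` line and all function names are assumptions made for illustration.

```python
import ipaddress

# Subnets are the ones given in the message; the gateway addresses are
# constructed placeholders from the documentation ranges.
HUB_IP = "192.0.2.1"
SPOKES = {
    "A": ("198.51.100.1", "10.0.1.0/24"),
    "B": ("198.51.100.2", "10.1.2.0/24"),
    "C": ("198.51.100.3", "10.1.3.0/24"),
}

def conn(name, spoke_ip, spoke_net, far_net):
    """One conn stanza, loaded identically on the spoke and on the hub.
    left is the hub and carries the far subnet, right is the spoke.
    Authentication settings are left out of this sketch."""
    return "\n".join([
        f"conn {name}",
        f"    left={HUB_IP}",
        f"    leftsubnet={far_net}",
        f"    right={spoke_ip}",
        f"    rightsubnet={spoke_net}",
        "    auto=start",
    ])

def per_pair_conns(spoke):
    """Narrow tunnels: one conn per other spoke, e.g. A-to-B and A-to-C."""
    ip, net = SPOKES[spoke]
    return {f"{spoke}-to-{other}": conn(f"{spoke}-to-{other}", ip, net, far)
            for other, (_, far) in SPOKES.items() if other != spoke}

def reachable_via(broad, spoke):
    """Broad tunnel: other spokes whose subnet lies inside `broad`."""
    wide = ipaddress.ip_network(broad)
    return [other for other, (_, far) in SPOKES.items()
            if other != spoke and ipaddress.ip_network(far).subnet_of(wide)]

def has_policy(dst, far_nets):
    """A packet is protected only if dst is inside some conn's far subnet;
    a plain route towards the hub does not create such a policy."""
    return any(ipaddress.ip_address(dst) in ipaddress.ip_network(n)
               for n in far_nets)

if __name__ == "__main__":
    for text in per_pair_conns("A").values():
        print(text, end="\n\n")
    print("10.1.0.0/16 from A covers:", reachable_via("10.1.0.0/16", "A"))
    print("10.1.0.0/16 from B covers:", reachable_via("10.1.0.0/16", "B"))
```

For A-to-C traffic the hub needs both `per_pair_conns("A")["A-to-C"]` and `per_pair_conns("C")["C-to-A"]`. With the subnets from the message, 10.1.0.0/16 covers B and C as seen from A, but from B it does not cover A (10.0.1.0/24).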