[Openswan Users] Hub and Spoke
Trevor Benson
tbenson at a-1networks.com
Wed May 26 08:49:13 CEST 2004
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Wednesday, May 26, 2004 6:41 AM
> To: Trevor Benson
> Cc: Users at lists.openswan.org
> Subject: Re: [Openswan Users] Hub and Spoke
>
> On Wed, 26 May 2004, Trevor Benson wrote:
>
> > Are there any good howto's on how to get openswan to do a hub and spoke.
> > I did some testing with adjusting the tunnels subnet, but this just
> > broke the tunnel so traffic destined for the other network never
> > responded. Do I need to manually add a route to the hub?
>
> I assume you mean a setup like:
>
>   A  B  C
>    \ | /
>   F-hub-E
>
> If you now want to send traffic from A to C via IPsec on HUB, you should
> make a conn on A and hub that specify A's subnet as right, and C's subnet
> as left. You will need a similar conn on C and hub.
>
> Unless you set up broader tunnels. Assume that A is 10.0.1.0/24, B is
> 10.1.2.0/24 and C is 10.1.3.0/24, then you can define a tunnel from A
> with 10.1.0.0/16 or perhaps even 10.0.0.0/8.
>
> Do not use 'route add whatever gw someIPatHub' because A will drop those
> packets because it is lacking a proper IPsec policy for those packets.
>
> Paul
>
So if I have already adjusted the subnet from A to Hub, and C to Hub, so
that each network knows to talk to the hub for all ranges 10.0.0.0/8.
If I did not have A as a Left, and C as a Right, this would inhibit the
traffic flowing through the system? I generally use left as local, and
right as remote on both sides. Is it that the subnetting is fine, but 2
right networks from a left hub network won't talk through the hub? Is
the swapping of left and right only at the hub, or must the A openswan
and C openswan have specific tunnel sides as well as hub?
Thanks,
Trevor
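
The two layouts described in the quoted reply, written out as ipsec.conf fragments. This is an added example, not part of the original thread; the gateway addresses, conn names and authby=secret are assumptions, and only the subnets come from the message.

```conf
# /etc/ipsec.conf fragments. Gateway addresses and conn names are
# constructed placeholders; the subnets are those in the quoted reply.
#   A   gateway 192.0.2.10     LAN 10.0.1.0/24
#   hub gateway 198.51.100.1
#   C   gateway 203.0.113.30   LAN 10.1.3.0/24
#
# left/right are only labels: Openswan works out which end it is from
# its own interface addresses, so the same conn text is loaded on both
# gateways that terminate the tunnel.

# Option 1: one conn per subnet pair.
# Load on A and on the hub: A's LAN <-> C's LAN over the A-hub tunnel.
conn a-hub-for-c
    left=192.0.2.10
    leftsubnet=10.0.1.0/24
    right=198.51.100.1
    rightsubnet=10.1.3.0/24
    authby=secret        # assumption: PSK defined in /etc/ipsec.secrets
    auto=start

# Load on C and on the hub: the mirror-image conn over the C-hub tunnel.
conn c-hub-for-a
    left=203.0.113.30
    leftsubnet=10.1.3.0/24
    right=198.51.100.1
    rightsubnet=10.0.1.0/24
    authby=secret
    auto=start

# Option 2: one broader tunnel per spoke.
# Load on A and on the hub in place of a-hub-for-c: all of 10.1.0.0/16
# (B and C in the quoted addressing) is reached through the hub.
# C needs its own conn whose hub-side subnet covers 10.0.1.0/24.
conn a-hub-wide
    left=192.0.2.10
    leftsubnet=10.0.1.0/24
    right=198.51.100.1
    rightsubnet=10.1.0.0/16
    authby=secret
    auto=start
```

The hub also has to forward packets between the two tunnels, so IP forwarding (net.ipv4.ip_forward=1) must be enabled there.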