[Openswan Users] IPsec traffic routing

Ben ben at vpn.sp.st
Sun Nov 14 21:32:14 CET 2004


Hi all, 

I need some advice for a particular setup.
I have one IPsec server and several IPsec roadwarriors connected to this server.
All my road warriors are connecting to the IPsec server and the connection is ok.

Now I need something more. I need Client1 and Client2 to be able to access each other through the IPsec server.

+--------------+      +-------------+       +-------------+
| Client 1     |      |             |       |Client 2     |
|road warrior  |<---->|IPsec Server |<----->|road warrior |
+--------------+      +----+--------+       +-------------+
      <-------------------<+>--------------------->

I am using a 2.6.8 Kernel and openswan 2.2.

Since the virtual interfaces are gone, what is the best option:
-1- To use ipip tunnels for the routing 
    (but still the problem of forcing the ipip traffic into the ipsec link)
-2- To set up iptables rules to forward the traffic to roadwarrior clients
-3- To use a 2.4 kernel to get the virtual interfaces and route the traffic through them

If anyone has an idea on how it could be done, thanks in advance!

Ben


