[Openswan Users] Initial setup, iproute or multiple tunnels....
Scott MacKay
scottmackay at yahoo.com
Mon Oct 11 05:07:42 CEST 2004
Hello!
Just starting to use OpenVPN and had a few
questions.
I am trying to get a moderately simple setup working
but having a few issues. This would be under RedHat
but a recompiled kernel using 2.4.26, patched for
OpenSWAN 1.0.7.
I am looking to setup a rather simple design and hope
that I am not over-complicating bits. I am working
off the ideas under "Multiple tunnels between the same
two gateways" in the openswan advanced user's guide,
basically to allow full intercommunication between
gateways and subnets.
So I guess as a first question, how would one perform
the routing using only 1 tunnel and iproute2? I do
have that installed and it seems like it would be more
useful than multiple tunnels.
I am also trying to use some encryption. I am
probably doing this in an overly complicated manner,
but I generate a RSA key on each side, then put the
contents in the ipsec.secrets file. In the tunnel
definition I use 'leftrsasigkey' and 'rightrsasigkey',
along with made up 'leftid' and 'rightid'. It does
seem to work, as the ipsec auto --up sequence seems to
come to a resolution which is cool, so hopefully 1/4
the way there even if it is a poor method. If the
iproute2 is a bit of a bother and I need to set up
multiple tunnels, it seems like I reuse the current
configuration, not including the 'leftsubnet' and
'rightsubnet' depending on which tunnel I am making.
A couple questions about that: When making the
tunnel, do I re-use or must I use new
'leftid/rightid/leftrsasigkey/rightrsasigkey'?
Below is an example of my initial setup I am looking
to build off. If there is a question about the setup
like "why in the world did you...." it is likely
because I have it set up poorly/wrong :)
Also, is there a better way to do keys/encryption if
you cannot rely on DNS or a key server?
-Scott
conn scott
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.124.1
        leftnexthop=192.168.124.5
        leftsubnet=192.168.1.0/24
        leftrsasigkey=somethingreallylong
        leftid=@gw1.test.net
        rightid=@gw2.test.net
        rightrsasigkey=somethingreallylong
        right=192.168.125.2
        rightnexthop=192.168.125.5
        rightsubnet=192.168.121.0/24
        #auto=add

# leftsubnet
#
# 192.168.1.1/24--([192.168.1.1]left[192.168.124.1])--([192.168.124.5]router)-\
#   leftsubnet            left                          leftnexthop           |
#                                                                             |
# rightsubnet                                                                 |
#                                                                             |
# 192.168.121.0/24-([192.168.121.1]right[192.168.125.2])-([192.168.125.5]router)-/
#   rightsubnet             right                           rightnexthop
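The "Multiple tunnels between the same two gateways" layout worked out for the addresses in the diagram above, added here as an example (not code from the post or from the Openswan documentation): the gateway-level settings that are the same for every tunnel (endpoints, next hops, IDs and the RSA public keys) sit in one section pulled in with also=, so each tunnel reuses the same leftid/rightid and leftrsasigkey/rightrsasigkey and only the subnet lines change. The key values are placeholders; the real ones are what ipsec showhostkey --left / --right print on each gateway.

```conf
# ipsec.conf -- added example; addresses taken from the diagram, keys are placeholders
config setup
        interfaces=%defaultroute

# Shared by every tunnel between gw1 and gw2: same endpoints, same IDs, same keys.
conn gw1-gw2-common
        left=192.168.124.1
        leftnexthop=192.168.124.5
        leftid=@gw1.test.net
        leftrsasigkey=0sPLACEHOLDER_GW1_PUBLIC_KEY
        right=192.168.125.2
        rightnexthop=192.168.125.5
        rightid=@gw2.test.net
        rightrsasigkey=0sPLACEHOLDER_GW2_PUBLIC_KEY
        authby=rsasig

# The two subnets, as separate sections so the tunnels below can mix them.
conn leftnet
        leftsubnet=192.168.1.0/24

conn rightnet
        rightsubnet=192.168.121.0/24

# subnet <-> subnet: the same thing "conn scott" does
conn leftnet-rightnet
        auto=add
        also=gw1-gw2-common
        also=leftnet
        also=rightnet

# gw1 itself <-> right subnet (no leftsubnet, so the left end is the gateway host)
conn gw1-rightnet
        auto=add
        also=gw1-gw2-common
        also=rightnet

# left subnet <-> gw2 itself
conn leftnet-gw2
        auto=add
        also=gw1-gw2-common
        also=leftnet

# gw1 <-> gw2 host to host
conn gw1-gw2
        auto=add
        also=gw1-gw2-common
```

With KLIPS on a 2.4 kernel only traffic matching an established tunnel's own address pair is encrypted, which is why the guide defines one conn per pair instead of steering packets at a single tunnel with iproute2; ipsec auto --up each conn name after the ipsec.secrets private keys are in place.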