[Openswan Users] Routing between tunnels
Paul Wouters
paul at xelerance.com
Wed Aug 10 23:50:47 CEST 2005
On Wed, 10 Aug 2005, Alaa Dalghan wrote:
> I have 2 windows XP clients (laptops) and one OpenS/WAN 2.3.1 gateway. I have
> created a tunnel (roadwarrior connection) from each client to the gateway and
> everything works fine.
>
>
> client A (WindowsXP)---------------Gateway G (OpenS/WAN)---------------
> client B(WindowsXP)
>
> Now i want to exchange data between the two clients without having to build a
> dedicated tunnel between them; that is, i want the data intended from A to B
> to travel encrypted via the following path:
>
> A-------------------------->S---------------------------->B
> ESP packets ESP packets
>
> and i want the gateway to perform the necessary routing of ESP envelopes. The
> problem is that this is not a classical routing problem since the gateway has
> to "route between tunnel interfaces".
>
> Can anyone please help me?
You can do this by tunneling an IP address onto the laptops and using that
as the default outgoing IP address. So on the client, you would need to
equivalent of:
left=%defaultroute
leftsubnet=a.b.c.d/32
right=YourGw
rightsubnet=0.0.0.0/0
then convince your machine to use a.b.c.d as the default IP. For Linux this
can be done with the 'ip' command (something like 'ip route add 0.0.0.0 src a.b.c.d')
For Windows, it is probably easier to setup IPsec using L2TP. Then L2TP
assigns an IP address and it will be used per default, therefor encrypting it
all.
Be aware that the extruded/L2TP's IP address should not be in the same network
range as the regular DHCP'd IP address.
Paul
--
"With Data mining, we can search specifically for clues"
--- The AIVD (The Dutch NSA) on the necessity of ISP's data retension
More information about the Users
mailing list