[Openswan Users] How to route between tunnel

Frank hubrach f.hubrach at spiekermann.de
Fri Aug 26 15:23:47 CEST 2005


Hello List,
I have problems routing between more than two subnets.
The following constellation is used:

SubNet A (192.168.20.0/24) ------- GW A (OpenSwan 2.3.1) ------ Internet ------ GW B (Openswan 2.3.1) ------ SubNet B (192.168.24.0/24)
                                                                Internet ------ GW C (Openswan 2.3.1) ------ SubNet C (192.168.40.0/24)
                                                                Internet ------ GW D (Openswan 2.3.1) ------ SubNet D (192.168.48.0/24)
                                                                Internet ------ GW E (Openswan 2.3.1) ------ SubNet E (192.168.60.0/24)

and so on ... up to 15 tunnels.

Every tunnel can connect to GW A and works fine.
But there must also be a connection to send and receive data between
SubNets B, C, D, E, F, etc.


What can I do ... for every tunnel a separate config?



My ipsec.conf:
version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        forwardcontrol=yes

conn %default
        keylife=120m
        keyingtries=2
        disablearrivalcheck=no
        authby=rsasig
        left=IP of left device
        leftnexthop=xx.yy.cc.dd
        leftcert=/etc/ipsec.d/certs/left-cert.pem

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn block
        auto=ignore

conn OEself
        auto=ignore


conn packetdefault
        auto=ignore

conn  SubC-SubA
        right=%any
        rightrsasigkey=%cert
        rightid="right cert"
        rightsubnet=192.168.40.0/24
        leftsubnet=192.168.20.0/24
        auto=add

conn  SubB-SubA
        right=%any
        rightrsasigkey=%cert
        rightid="right cert2"
        rightsubnet=192.168.24.0/24
        leftsubnet=192.168.20.0/24
        auto=add


