[Openswan Users] RV: Problem to connect 2 connections one for internet and another for VPN

Ted Kaczmarek tedkaz at optonline.net
Mon Jan 3 21:43:10 CET 2005


On Mon, 2005-01-03 at 13:32 -0300, Pedro Diaz wrote:
> 
> Good afternoon:  I need if they can help me
> 
> I have 2 Servants with Fedora Core 1 Kernel-2.4.22-1.2197.ntpl, with the
> following packages Openswan:
> Kernel-modulate-openswan-2.4.22-1.2197.ntpl-2.1.4-fc1.dag.i686.rpm and the
> Openswan-utils-2.1.4-1.fc1.dag.i686.rpm.
> 
> As Firewall I have the shorewall 2.1
> 
> All this works well when having alone an In-date IP.
> When having 2 In-date IP, one to leave to Internet and the other one for the
> VPN, works in aleatory form.
> 
> I have the following outline:
> 
> Servant 1 :
> eth0  ------  200.72.20.250                               RED  INTERNET
>                    200.72.20.249  GW
> 
> eth1  -----   192.168.1.1                                   RED  LOCAL
> 
> eth2   -----  200.72.247.68                               RED  VPN
>                    200.72.247.66  GW
> 
> Servant  2
> 
> eth0  ------  200.107.66.36                               RED  INTERNET
>                    200.107.66.33  GW
> 
> eth1  -----   192.168.2.1                                   RED  LOCAL
> 
> eth2   -----  200.107.66.38                               RED  VPN
>                    200.107.66.33  GW
> 
> 
> I need to have the security if it works and it works well this configuration
> Forgive the translation.
> 
> Greetings....
> 
> 
> Pedro Diaz Gallardo
> mail : pdiaz at sistemasavanzados.cl
> 
> 
Not sure what you mean by "IN-date".
Are you referring to the encapsulated traffic?

You need to match up the left on Servant 1 with the right on Servant 2,
and vice versa.

Only traffic that matches that policy is encapsulated and encrypted.
What happens to the other traffic that is not matched by that policy is
determined by your firewall rules, assuming you have a firewall.


Ted
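
Added example, not part of Ted's reply and not Openswan code: a small Python check that two gateways' conn stanzas describe the same tunnel ends with left and right swapped, and that shows which flows fall inside the tunnel policy. The addresses are the eth2 and eth1 values from the post; the /24 masks, the conn name and the helper function names are assumptions.

```python
import ipaddress

# Constructed conn stanzas. Addresses are the eth2 (VPN) and eth1 (local)
# values from the post; the /24 masks and the conn name are assumptions.
SERVANT1 = """
conn servant1-servant2
    left=200.72.247.68
    leftsubnet=192.168.1.0/24
    leftnexthop=200.72.247.66
    right=200.107.66.38
    rightsubnet=192.168.2.0/24
"""
SERVANT2 = """
conn servant1-servant2
    left=200.107.66.38
    leftsubnet=192.168.2.0/24
    leftnexthop=200.107.66.33
    right=200.72.247.68
    rightsubnet=192.168.1.0/24
"""

def parse_conn(text):
    """Return the key=value pairs of a single conn stanza as a dict."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def ends(conn):
    """Set of (gateway, protected subnet) pairs, ignoring which is 'left'."""
    return {(conn[s], conn[s + "subnet"]) for s in ("left", "right")}

def policies_match(a, b):
    """True when both gateways describe the same two tunnel ends."""
    return ends(parse_conn(a)) == ends(parse_conn(b))

def is_tunnelled(conn_text, src, dst):
    """True when src->dst falls inside the conn's subnet-to-subnet policy."""
    c = parse_conn(conn_text)
    l = ipaddress.ip_network(c["leftsubnet"])
    r = ipaddress.ip_network(c["rightsubnet"])
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in l and d in r) or (s in r and d in l)
```

Traffic for which is_tunnelled() returns False is not protected by the tunnel; what happens to it is decided by routing and the firewall rules.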






