[Openswan Users] Multiple Tunnel Setup
Jeremy Mann
jmann at integracarehh.com
Tue Jul 26 12:08:48 CEST 2005
I am limited on my public IP addresses, and would like some suggestions
on how to set up multiple incoming tunnels that share one IP address on
the openswan server. My biggest problem is that two of my sites have
fixed IP addresses, while one is on dynamic DSL. Am I correct in assuming
that in the following config, if one of my fixed IP address sites sees a
connection related to its address, it will pick it up and never hit the
right=%any section? I ask because obviously I have my 192.168.191.x
netblock segmented for each remote site I have. How would I accomplish
this connection if I had more than one dynamic IP address host?

ipsec.conf

version 2.0

config setup
    nat_traversal=yes
    forwardcontrol=yes

conn fixed-ip-site1
    right=A.B.C.D # this connection's static IP
    rightsubnet=192.168.191.0/27
    also=main-tunnel-config

conn fixed-ip-site2
    right=E.F.G.H # this connection's static IP
    rightsubnet=192.168.191.193/27
    also=main-tunnel-config

conn dynamic-ip-site3
    right=%any
    rightsubnet=192.168.191.224/27
    also=main-tunnel-config

conn main-tunnel-config
    left=216.158.I.J # my fixed IP address of the openswan server
    leftsubnet=192.168.0.0/16
    leftnexthop=216.158.I.K # my gateway
    leftupdown="ipsec _updown2"
    type=tunnel
    authby=secret
    pfs=no
    auto=add
    keyingtries=%forever
    ikelifetime=8h

ipsec.secrets

216.158.I.J A.B.C.D: PSK "key1"
216.158.I.J E.F.G.H: PSK "key2"
216.158.I.J %any: PSK "key3"

Thanks for any help...
Jeremy Mann
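
Added example, not part of the original post and not Openswan code: a small check that each conn's rightsubnet sits on a network boundary and that no two per-site blocks overlap, which is what segmenting 192.168.191.x per remote site relies on. The sample config is constructed (documentation addresses stand in for the masked peers) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the three rightsubnet values in the post.
SAMPLE_CONF = """\
conn fixed-ip-site1
    right=192.0.2.10            # placeholder for the masked static peer
    rightsubnet=192.168.191.0/27
conn fixed-ip-site2
    right=192.0.2.20            # placeholder for the masked static peer
    rightsubnet=192.168.191.193/27
conn dynamic-ip-site3
    right=%any
    rightsubnet=192.168.191.224/27
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_rightsubnets(conns):
    """Report rightsubnet values with host bits set or overlapping each other."""
    findings, seen = [], []
    for name, opts in conns.items():
        if "rightsubnet" not in opts:
            continue
        iface = ipaddress.ip_interface(opts["rightsubnet"])
        net = iface.network  # the block the prefix actually covers
        if iface.ip != net.network_address:
            findings.append(f"{name}: {iface} is not a network address, covers {net}")
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        seen.append((name, net))
    return findings

if __name__ == "__main__":
    for finding in check_rightsubnets(parse_conns(SAMPLE_CONF)):
        print(finding)
```
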