[Openswan Users]
VPN connecting two subnets by openswan and zyxel prestige?
Andre Mueller
andre.mueller at himmel-blau.com
Wed Apr 12 19:57:46 CEST 2006
Hello
I think my problem is rather an easy one, but nevertheless I remain stuck
with it, even after having read "tonnes" of FAQs and configuration samples.
Therefore I would very much appreciate any helpful suggestions.

My aim is to connect two networks (main office and branch) over IPsec with PSK
(I know PSK is rather insecure etc.). At the head office we have a
gateway/firewall based on SuSE 10.1 (Kernel 2.6.16) with Openswan (2.4.4). At the
branch office there is a Zyxel Prestige 660 ADSL-Modem/Router. Our situation is
the following:

main office      [ SuSE Gateway ]         [ Zyxel Prestige 660 ]
10.0.0.0/16 - 10.0.0.1 = 62.XX.YY.114 ... 212.XX.YY.80 = 10.1.0.1 - 10.1.0.0/16
LAN           eth0       eth2             wan            eth0       LAN

With the Openswan configuration below, the branch office Zyxel Router can
establish a tunnel successfully, but unfortunately the intended route between
both local subnets does not work. On the SuSE Gateway the subnet 10.1.0.0 is bound
to the public interface eth2, and traffic coming from the branch office over the
tunnel is showing up at eth2 (iftop -i eth2) and not, as intended, on eth0
to be routed to the local subnet at the head office. So I think I have missed
something important. I have read the FAQ about multiple tunnels, but with the
Zyxel Prestige 660 I can configure only two VPN connections/tunnels and I would
like to have the second one as reserve to connect to an additional planned branch
office.

config setup
	klipsdebug="none"
	plutodebug="none"
	uniqueids=no
	interfaces="ipsec0=eth2"
	dumpdir="/var/log"

conn main_branch
	type=tunnel
	authby=secret
	pfs=no
	left=62.XX.YY.114 # eth2 public interface
	leftsubnet=10.0.0.0/16 # should be on the local interface eth0
	leftnexthop=62.XX.YY.113
	right=212.XX.YY.80
	rightsubnet=10.1.0.0/16
	auto=add
	keyingtries=3

Many thanks in advance, Andre Mueller