[Openswan Users] Routing Between VPNs
James Crow
james at ultratans.com
Wed Feb 22 14:35:09 CET 2006
Hello All,

I have an Openswan 2.2 / Debian Sarge (2.6.12) system running with ~50 VPN
tunnels to remote sites. The remote sites have SonicWALL TZ150 devices.
Debian and the SonicWALL hosts have static, public IPs and everything is
working well. None of the remote sites need (or can) talk to the other remote
sites across the VPN, but they can talk to the LAN that Openswan is connected
to.

I now have a need to connect ~15 remote users who will need to connect to
the central LAN (where Openswan sits) and the remote LANs. Because these 15
new users will all be connecting from dynamic IPs I wanted to use something
other than IPSec VPNs.

I installed OpenVPN (SSL VPN product) on the Openswan box and can connect to
the Openswan box through this VPN.

Can I use this setup to route traffic coming in on the OpenVPN to the
Openswan box and then out to the remote LANs?

I will attempt to draw this out:

Box A = Openswan/OpenVPN
    1.2.3.4 - Public IP (static, eth0)
    10.1.1.1/25 internal IP (static, eth1)
    172.30.0.1/24 OpenVPN endpoint (static, tun0)

Box B = Remote site w/ SonicWALL
    2.3.4.5 - Public IP (static)
    192.168.101.1/24 internal IP

Box C = Remote User WinXP (DHCP)
    ?.?.?.? - DHCP public IP
    172.30.0.6 OpenVPN endpoint

1.2.3.4 (static)                               2.3.4.5 (static)
Box A ------------------Internet---------------Box B
10.1.1.1                                       192.168.101.1
172.30.0.1
    |
    |
 Internet
    |
    |
3.4.5.6 (DHCP)
Box C
172.30.0.6

I want to ping from 172.30.0.6 to 192.168.101.1 and have it routed over the
VPN. I can currently ping:

    172.30.0.6 -> 172.30.0.1
    172.30.0.6 -> 10.1.1.1
and
    10.1.1.1 -> 192.168.101.1
    10.1.1.1 -> 172.30.0.6
and
    192.168.101.1 -> 10.1.1.1

If I have left out any important information or am looking at this problem the
wrong way, please give me your input.

Thanks,
James
--
James Crow
IT Manager
ULTRATAN, Inc.