[Openswan Users] Multiple adsl and leftnexthop use
fviel at comune.belluno.it
Mon Jun 5 14:45:21 CEST 2006
I'm still fighting with the multiple DSL VPN problem. I searched for how to do it
and followed the Openswan users' suggestions coming from my first post, but I did not
manage to get it working.
So I had better re-explain my problem.
I have the following configuration:
                                +-------------+    ADSL
                                | Provider 1  +-------------+
        __                      |    GW1      |             |
     ___/  \_      +------+-----+-------------+             |
   _/        \__   |      | eth1|                           |
  /             \  |      |     |                           |
  | Local network -+eth0 VPN GW |                       Internet
  \_          __/  |      |     |                           |
   \__      __/    |      | eth2|                           |
      \___/        +------+-----+-------------+             |
                                |    GW2      |             |
                                | Provider 2  +-------------+
                                +-------------+    HDSL
On ADSL (slow but flat rate) I route all Internet (http, ftp, etc.) traffic.
On the HDSL link (fast but leased line) I want to use Openswan in L2TP/IPsec
(=> road warrior => no static route applicable as in an IPsec GW-GW conf!).
Obviously on the VPN GW the default gw is GW1 (route add default gw GW1).
On the other hand I want to redirect the IPsec traffic (say, generated in response to
connections initiated from any IP) to GW2, and hence it MUST be born on eth2!!
I thought it was possible to do that using the leftnexthop directive to let
IPsec packets be born on eth2 and travel through the GW only for IPsec traffic,
but I didn't manage to do this. The VPN starts correctly but only if I use GW2 as
I read the ipsec.conf manual but perhaps I didn't understand the use of the
leftnexthop directive.... Could anyone explain that better than
And could anyone suggest a solution for this kind of problem, please?
Thank you in advance.
> -----Original Message-----
> From: Radek Antoniuk [mailto:r.antoniuk at pixel.com.pl]
> Sent: Friday, 2 June 2006 16:35
> To: Federico
> Cc: users at openswan.org
> Subject: Re: R: R: [Openswan Users] VPN on Multiple DLS router
> Federico wrote:
> >Sorry, what do you mean? I already tried the following (as stated in my
> >first post):
> >ip rule add from $IP2 table T2
> >Maybe you are using a LAN-to-LAN VPN, whereas my config is a road warrior.
> >So x.yz is the address of your remote (right) VPN GW... Am I wrong?
> >But I can't do that!!
> >I would just say: everything coming from the public IP of my HDSL
> >goes through my HDSL GW...
> >But how?
> >Thank you for your patience!
> Maybe this will help.
> ip rule add to your_public_ip_hdsl lookup table 100
> ip r a default via your_hdsl_gw dev your_hdsl_dev table 100
Sorry, I come back to the office today...
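The source-based policy routing that the thread circles around, written out as an added example (not from the original post or from the Openswan project): packets whose source address is the public IP on eth2 are sent through GW2 even though the system default route points at GW1. All addresses, the interface name and the table number are placeholders; `left=` in the Openswan connection must be set to the same HDSL IP so that the IKE and ESP packets carry that source address and are caught by the rule.

```shell
#!/bin/sh
# Added example, not the poster's or Openswan's own code.
# Goal: anything sent *from* the HDSL public IP leaves via eth2 / GW2 while the
# main table's default route keeps pointing at GW1 (ADSL).
# Set RUN=echo to print the ip(8) commands instead of executing them.
RUN="${RUN:-}"

# Install the secondary table and the source-selector rule.
#   $1 = public IP on the HDSL interface   (placeholder, e.g. 192.0.2.10)
#   $2 = GW2, the HDSL provider gateway     (placeholder, e.g. 192.0.2.1)
#   $3 = HDSL interface                     (eth2 in the diagram)
#   $4 = routing table number               (default 100)
setup_policy_routing() {
    hdsl_ip="$1"; hdsl_gw="$2"; hdsl_dev="$3"; table="${4:-100}"
    # Table $table contains only one default route, via the HDSL gateway.
    $RUN ip route add default via "$hdsl_gw" dev "$hdsl_dev" table "$table"
    # Packets sourced from the HDSL IP consult table $table before the main table.
    $RUN ip rule add from "$hdsl_ip" lookup "$table" priority 1000
    # Older kernels cached routes; flushing makes the new rule effective at once.
    $RUN ip route flush cache
}

# Remove what setup_policy_routing installed (safe to run before re-applying).
teardown_policy_routing() {
    hdsl_ip="$1"; table="${2:-100}"
    $RUN ip rule del from "$hdsl_ip" lookup "$table" priority 1000
    $RUN ip route flush table "$table"
}

# Ask the kernel which gateway/interface a packet from the HDSL IP to $2 would use.
# Expected answer after setup: "... via <GW2> dev eth2 table 100 ...".
check_policy_routing() {
    hdsl_ip="$1"; probe_dst="$2"
    $RUN ip route get "$probe_dst" from "$hdsl_ip"
}
```

Run `setup_policy_routing <hdsl_ip> <gw2> eth2` as root once the interface is up, then `check_policy_routing <hdsl_ip> <some_remote_ip>` should show the route via GW2 while a plain `ip route get <some_remote_ip>` still shows GW1. A rule keyed on the source address is preferable to one keyed on the destination (as in the quoted reply) for a road-warrior setup, because the remote peers' addresses are not known in advance; the only fixed fact is which local address the IPsec traffic is bound to.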