[Openswan Users] Multiple adsl and leftnexthop use

Federico fviel at comune.belluno.it
Mon Jun 5 14:45:21 CEST 2006


Hello,
I'm still fighting with the multiple dsl vpn problem. I searched for how to do
it, and followed the Openusers suggestions that came from my first post, but I
did not manage to work it out.
So I had better re-explain my problem.

I got the following conf:


                                                              ________
                                          +------------+        /
                                          |            |  ADSL |
                            +-------------+ Provider 1 +-------
        __                  |             |     GW1    |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__      |     eth1     |                      /
 /             \     |              |                      |
| Local network -----+eth0 VPN  GW  |                      |     Internet
 \_           __/    |              |                      |
   \__     __/       |     eth2     |                      \
      \___/          +------+-------+     +------------+    |
                            |             |            |     \
                            +-------------+ Provider 2 +-------
                                          |    GW2     | HDSL  |
                                          +------------+        \________

On ADSL (Slow but Flat) I route all Internet (http, ftp, etc.) traffic.
On the HDSL link (Fast but Leased Line) I want to use Openswan in L2tp/Ipsec
(=>Road Warrior => no static route applicable as in an IPSEC GW-GW conf!)

Obviously on the VPN GW the default gw is GW1 (route add default gw GW1).
On the other hand I want to redirect the IPSEC (say, generated in response to
connections initiated from any IP) to GW2, and hence it MUST be born on eth2!!
I thought it was possible to do that using the leftnexthop directive, to let
ipsec packets be born from eth2 and travel through GW only for ipsec traffic,
but I didn't manage to do this. The VPN starts correctly, but only if I use GW2
as default gw.
I read the ipsec.conf manual but perhaps I didn't understand the use of the
leftnexthop directive.... Could anyone explain that better than the
documentation?
And could anyone suggest a solution for this kind of problem please?
Thank you in advance.

Best Regards
FV


> -----Original Message-----
> From: Radek Antoniuk [mailto:r.antoniuk at pixel.com.pl]
> Sent: Friday, 2 June 2006 16:35
> To: Federico
> Cc: users at openswan.org
> Subject: Re: R: R: [Openswan Users] VPN on Multiple DLS router
> 
> Federico wrote:
> 
> >Sorry, what do you mean? I already tried the following (as stated in my
> >first post):
> >
> >ip rule add from $IP2 table T2
> >
> >Maybe you are using a lan to lan VPN where my config is a road-warrior
> >VPN...
> >So x.yz is the address of your remote (right) vpn-gw... Am I wrong?
> >But I can't do that!!
> >I just would say: everything coming from the public IP of my
> >HDSL-interface go through my hdsl GW...
> >But how?
> >Thank you for your patience!
> >FV
> >
> >
> >
> Maybe this will help.
> 
> ip rule add to your_public_ip_hdsl lookup table 100
> ip r a default via your_hdsl_gw dev your_hdsl_dev table 100
> 
Sorry, I come back to the office today...
I 



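Added example, not part of the original thread and not Openswan's own code: a dry-run sketch of source-based policy routing for the setup in the message above, where traffic sent from the HDSL address on eth2 should leave through GW2 while the default route stays on GW1. The addresses are constructed placeholders from documentation ranges, the function names are hypothetical, and it is assumed that the conn uses the eth2 address as left= so that IKE/ESP packets carry it as their source.

```shell
#!/bin/sh
# Added example: source-based policy routing for the second uplink.
# All values below are constructed placeholders, not taken from the thread.
HDSL_DEV=eth2            # interface facing Provider 2
HDSL_IP=192.0.2.10       # public IP on eth2 (placeholder)
HDSL_NET=192.0.2.0/24    # subnet shared with GW2 (placeholder)
HDSL_GW=192.0.2.1        # GW2 (placeholder)
TABLE=100                # table number, as in the quoted reply

# Print the commands instead of running them, so they can be reviewed
# first and then piped to a root shell.
hdsl_routing_cmds() {
    # The extra table needs its own connected route and its own default
    # route; the main table keeps "default via GW1" untouched.
    echo "ip route add $HDSL_NET dev $HDSL_DEV src $HDSL_IP table $TABLE"
    echo "ip route add default via $HDSL_GW dev $HDSL_DEV table $TABLE"
    # Select the table by SOURCE address: a road warrior's address is not
    # known in advance, but packets sent from the HDSL address always
    # carry HDSL_IP as their source.
    echo "ip rule add from $HDSL_IP lookup $TABLE priority 1000"
    echo "ip route flush cache"
}

# Check to run afterwards: ask the kernel which path a packet sourced from
# HDSL_IP takes towards an arbitrary remote peer (placeholder address).
# The answer should name HDSL_GW and HDSL_DEV, not GW1 and eth1.
hdsl_check_cmd() {
    echo "ip route get 198.51.100.7 from $HDSL_IP"
}

hdsl_routing_cmds
hdsl_check_cmd
```

Review the printed commands, run them as root, then run the printed check; `ip rule show` and `ip route show table 100` display the resulting state.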