[Openswan Users] Connecting two ipsec tunnels

Jett, Nathan NJett at rpmstaff.com
Thu May 11 15:27:26 CEST 2006


Paul

Thanks for the reply, but I'm not sure if I fully understand your answer.  I have pasted my config below,
perhaps that helps.

---------From ipsec.conf----------
conn customer
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.52.0/24
        leftnexthop=%defaultroute
        right=123.123.123.123
        rightsubnet=192.168.100.50/32
        rightnexthop=%defaultroute
        auth=esp
        keyexchange=ike
        esp=3des-sha1
        ike=3des-sha1-modp1024
        pfs=no
        authby=secret
        auto=start

conn remoteoffice
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.52.0/24
        leftnexthop=%defaultroute
        right=12.12.12.12
        rightsubnet=192.168.200.0/24
        auth=esp
        esp=3des-md5
        keyexchange=ike
        ike=3des-md5-modp1024
        authby=secret
        auto=add
--------------------------------

I was thinking that I could use iptables masquerade feature to make traffic coming from addresses 
in the 192.168.200.0/24 subnet look like they are coming from a 192.168.52.X IP address.  But 
please let me know if there is a simpler answer.

Thanks,
Nathan


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, May 11, 2006 12:47 PM
To: Jett, Nathan
Cc: users at openswan.org
Subject: Re: [Openswan Users] Connecting two ipsec tunnels


On Thu, 11 May 2006, Jett, Nathan wrote:

> I have installed a linux router for my company with Openswan running on it.  I have successfully created tunnels to a remote office and to one of our customer's networks.  I need to allow the remote office to access the customer's network via my linux box.  The network current setup looks like:
>
>  +------------------+
>  | Customer Network |
>  +------------------+
>           |
>  +------------------+
>  | Customer Router  |
>  +------------------+
>           ||
>  +-----------------------+  +----------------------+  +-------------------+
>  | Local Openswan Server |==| Remote Office Router |--| Remote Office LAN |
>  +-----------------------+  +----------------------+  +-------------------+
>           |
>     +-----------+
>     | Local LAN |
>     +-----------+
>
> How do I route packets from the remote office LAN through my linux box to the customer's network?

Extend the tunnels to use rightsubnet= and leftsubnet= to match the networks you
are trying to connect.

Paul
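What Paul's suggestion looks like in ipsec.conf on the hub, as an added example that is not part of this thread: the addresses are the ones from Nathan's config, the conn names are made up, and the two original conns are left in place.

```ini
# Added example, not from the thread: two extra conns on the hub
# (234.234.234.234) so that the remote office LAN and the customer host
# become IPsec selectors of each other.  The original "customer" and
# "remoteoffice" conns stay unchanged; these sit next to them.

# Hub <-> customer gateway, carrying remote-office traffic.
# The customer gateway must also be configured to accept 192.168.200.0/24
# as a remote subnet, or it will reject this proposal.
conn customer-for-remoteoffice
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.200.0/24
        leftnexthop=%defaultroute
        right=123.123.123.123
        rightsubnet=192.168.100.50/32
        rightnexthop=%defaultroute
        auth=esp
        keyexchange=ike
        esp=3des-sha1
        ike=3des-sha1-modp1024
        pfs=no
        authby=secret
        auto=start

# Hub <-> remote office router, carrying customer traffic.
# The remote office router needs the mirror image of this conn
# (from its side: leftsubnet=192.168.200.0/24, rightsubnet=192.168.100.50/32).
conn remoteoffice-for-customer
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.100.50/32
        leftnexthop=%defaultroute
        right=12.12.12.12
        rightsubnet=192.168.200.0/24
        auth=esp
        esp=3des-md5
        keyexchange=ike
        ike=3des-md5-modp1024
        authby=secret
        auto=start
```

The hub forwards between the two tunnels, so IP forwarding must be enabled on it; `ipsec auto --status` should then list all four conns with their SAs.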

