[Openswan Users] Connecting two ipsec tunnels
Paul Wouters
paul at xelerance.com
Thu May 11 23:01:21 CEST 2006
On Thu, 11 May 2006, Jett, Nathan wrote:
> Thanks for the reply, but I'm not sure if I fully understand your answer. I have pasted my config below,
> perhaps that helps.
Now I am confused about what is not working? Which packets need to get where?
Paul
> ---------From ipsec.conf----------
> conn customer
>     type=tunnel
>     left=234.234.234.234
>     leftsubnet=192.168.52.0/24
>     leftnexthop=%defaultroute
>     right=123.123.123.123
>     rightsubnet=192.168.100.50/32
>     rightnexthop=%defaultroute
>     auth=esp
>     keyexchange=ike
>     esp=3des-sha1
>     ike=3des-sha1-modp1024
>     pfs=no
>     authby=secret
>     auto=start
>
> conn remoteoffice
>     type=tunnel
>     left=234.234.234.234
>     leftsubnet=192.168.52.0/24
>     leftnexthop=%defaultroute
>     right=12.12.12.12
>     rightsubnet=192.168.200.0/24
>     auth=esp
>     esp=3des-md5
>     keyexchange=ike
>     ike=3des-md5-modp1024
>     authby=secret
>     auto=add
> --------------------------------
>
> I was thinking that I could use iptables masquerade feature to make traffic coming from addresses
> in the 192.168.200.0/24 subnet look like they are coming from a 192.168.52.X IP address. But
> please let me know if there is a simpler answer.
>
> Thanks,
> Nathan
>
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Thursday, May 11, 2006 12:47 PM
> To: Jett, Nathan
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Connecting two ipsec tunnels
>
>
> On Thu, 11 May 2006, Jett, Nathan wrote:
>
> > I have installed a Linux router for my company with Openswan running on it. I have successfully created tunnels to a remote office and to one of our customer's networks. I need to allow the remote office to access the customer's network via my Linux box. The current network setup looks like:
> >
> > +------------------+
> > | Customer Network |
> > +------------------+
> > |
> > +------------------+
> > | Customer Router |
> > +------------------+
> > ||
> > +-----------------------+ +----------------------+ +-------------------+
> > | Local Openswan Server |==| Remote Office Router |--| Remote Office LAN |
> > +-----------------------+ +----------------------+ +-------------------+
> > |
> > +-----------+
> > | Local LAN |
> > +-----------+
> >
> > How do I route packets from the remote office LAN through my Linux box to the customer's network?
>
> Extend the tunnels to use rightsubnet= and leftsubnet= to match the networks you
> are trying to connect.
>
> Paul
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
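
Added example, not part of the original thread and not Openswan code: a selector check showing why the two conns in the quoted ipsec.conf do not cover remote-office-to-customer traffic, and how an extra leftsubnet=/rightsubnet= pair per peer does. The two `*-via-hub` conn names and the host 192.168.200.5 are constructed for illustration; the subnets and peer addresses are the ones in the quoted config.

```python
import ipaddress

# (conn name, peer gateway, leftsubnet, rightsubnet) from the quoted ipsec.conf.
PAGE_CONNS = [
    ("customer", "123.123.123.123", "192.168.52.0/24", "192.168.100.50/32"),
    ("remoteoffice", "12.12.12.12", "192.168.52.0/24", "192.168.200.0/24"),
]

# Assumed additions (hypothetical conn names, not from the thread): one extra
# subnet pair per peer, so each tunnel also covers the other side's network.
EXTENDED_CONNS = PAGE_CONNS + [
    ("customer-via-hub", "123.123.123.123",
     "192.168.200.0/24", "192.168.100.50/32"),
    ("remoteoffice-via-hub", "12.12.12.12",
     "192.168.100.50/32", "192.168.200.0/24"),
]


def covering_conns(conns, src, dst):
    """Names of conns whose subnet pair covers a packet src -> dst.

    A tunnel carries a packet only when one address lies in leftsubnet
    and the other in rightsubnet (in either direction).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for name, _peer, left, right in conns:
        l, r = ipaddress.ip_network(left), ipaddress.ip_network(right)
        if (s in l and d in r) or (s in r and d in l):
            hits.append(name)
    return hits


def hub_can_relay(conns, src, dst):
    """Relaying needs a covering conn to two different peers: one in, one out."""
    names = covering_conns(conns, src, dst)
    peers = {peer for name, peer, _l, _r in conns if name in names}
    return len(peers) == 2


if __name__ == "__main__":
    pkt = ("192.168.200.5", "192.168.100.50")  # constructed remote-office host
    for label, conns in (("as posted", PAGE_CONNS), ("extended", EXTENDED_CONNS)):
        print(label, covering_conns(conns, *pkt), hub_can_relay(conns, *pkt))
```

Each peer has to be configured with the mirrored subnets as well, otherwise the extra tunnels will not negotiate.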