[Openswan Users] Connecting two ipsec tunnels

Jett, Nathan NJett at rpmstaff.com
Thu May 11 17:44:52 CEST 2006


Sorry for the confusion.  I have a working tunnel to my customer who is allowing access to a server at 192.168.100.50 on their network.  I also have a working tunnel to my remote office to access their network at 192.168.200.0/24.   However my remote office can not connect to the customer's server at 192.168.100.50.

I need my remote office to be able to connect through my linux/openswan system to my customer's server.

I was assuming I would have to masquerade the packets coming from my remote office to look like they are coming from an IP address on my local network before they would be allowed to pass to the customer's network.

I hope this makes more sense.

Nathan

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, May 11, 2006 3:01 PM
To: Jett, Nathan
Cc: users at openswan.org
Subject: RE: [Openswan Users] Connecting two ipsec tunnels


On Thu, 11 May 2006, Jett, Nathan wrote:

> Thanks for the reply but I'm not sure if I fully understand your answer.  I have pasted my config below
> perhaps if that helps.

Now I am confused about what is not working? Which packets need to get where?

Paul

> ---------From ipsec.conf----------
> conn customer
>         type=tunnel
>         left=234.234.234.234
>         leftsubnet=192.168.52.0/24
>         leftnexthop=%defaultroute
>         right=123.123.123.123
>         rightsubnet=192.168.100.50/32
>         rightnexthop=%defaultroute
>         auth=esp
>         keyexchange=ike
>         esp=3des-sha1
>         ike=3des-sha1-modp1024
>         pfs=no
>         authby=secret
>         auto=start
>
> conn remoteoffice
>         type=tunnel
>         left=234.234.234.234
>         leftsubnet=192.168.52.0/24
>         leftnexthop=%defaultroute
>         right=12.12.12.12
>         rightsubnet=192.168.200.0/24
>         auth=esp
>         esp=3des-md5
>         keyexchange=ike
>         ike=3des-md5-modp1024
>         authby=secret
>         auto=add
> --------------------------------
>
> I was thinking that I could use iptables masquerade feature to make traffic coming from addresses
> in the 192.168.200.0/24 subnet look like they are coming from a 192.168.52.X IP address.  But
> please let me know if there is a simpler answer.
>
> Thanks,
> Nathan
>
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Thursday, May 11, 2006 12:47 PM
> To: Jett, Nathan
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Connecting two ipsec tunnels
>
>
> On Thu, 11 May 2006, Jett, Nathan wrote:
>
> > I have installed a linux router for my company with Openswan running on it.  I have successfully created tunnels to a remote office and to one of our customer's networks.  I need to allow the remote office to access the customer's network via my linux box.  The network current setup looks like:
> >
> >  +------------------+
> >  | Customer Network |
> >  +------------------+
> >           |
> >  +------------------+
> >  | Customer Router  |
> >  +------------------+
> >           ||
> >  +-----------------------+  +----------------------+  +-------------------+
> >  | Local Openswan Server |==| Remote Office Router |--| Remote Office LAN |
> >  +-----------------------+  +----------------------+  +-------------------+
> >           |
> >     +-----------+
> >     | Local LAN |
> >     +-----------+
> >
> > How do I route packets from the remote office LAN through my linux box to the customer's network?
>
> Extend the tunnels to use rightsubnet= and leftsubnet= to match the networks you
> are trying to connect.
>
> Paul
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
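Paul's suggestion (extend the tunnels with leftsubnet=/rightsubnet= pairs that match the networks being joined) can be made concrete for the two conns Nathan posted. The fragment below is an added illustration, not part of this thread or of the Openswan distribution; it reuses the thread's own placeholder addresses and assumes that the remote-office router and the customer's router each add the mirror-image conn (their left/right swapped), that ip_forward is enabled on the hub, and that no iptables NAT rule on the hub rewrites this traffic. The conn names are made up.

```ini
# Added on the hub (234.234.234.234) next to the existing "customer" and
# "remoteoffice" conns. In Openswan each subnet pair needs its own conn, so
# one extra conn is added per tunnel; the far end must carry the matching
# policy or it will silently discard the packets.

# Remote-office LAN <-> customer server, carried inside the customer tunnel
conn customer-remoteoffice
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.200.0/24      # remote-office LAN, reachable via the hub
        leftnexthop=%defaultroute
        right=123.123.123.123
        rightsubnet=192.168.100.50/32    # the single customer host being exposed
        rightnexthop=%defaultroute
        auth=esp
        keyexchange=ike
        esp=3des-sha1
        ike=3des-sha1-modp1024
        pfs=no
        authby=secret
        auto=start

# Customer server <-> remote-office LAN, carried inside the remote-office tunnel
conn remoteoffice-customer
        type=tunnel
        left=234.234.234.234
        leftsubnet=192.168.100.50/32     # customer host, reachable via the hub
        leftnexthop=%defaultroute
        right=12.12.12.12
        rightsubnet=192.168.200.0/24
        auth=esp
        esp=3des-md5
        keyexchange=ike
        ike=3des-md5-modp1024
        authby=secret
        auto=add                         # remote office initiates, as in the original conn
```

After `ipsec auto --add` on both ends, `ipsec auto --status` on the hub should list both new conns and, once negotiated, an SA for each subnet pair. Doing it this way rather than masquerading 192.168.200.0/24 behind a 192.168.52.x address keeps the real source addresses intact, so the customer's firewall and logs can authorize and attribute exactly one remote subnet to exactly one host, and the customer is explicitly agreeing to that extra policy instead of having remote-office traffic hidden inside the existing one.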

