[Openswan Users] Connecting two ipsec tunnels
NJett at rpmstaff.com
Fri May 12 10:26:36 CEST 2006
This would probably be the ideal solution but I plan on setting up several more tunnels to additional remote offices and employee homes that will all need access to the customer's server. The customer is unwilling to set up a large number of VPN tunnels and expects us to handle the connections on our side.
I guess I'll try playing with iptables to see what can be done.
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, May 11, 2006 7:20 PM
To: Jett, Nathan
Cc: users at openswan.org
Subject: RE: [Openswan Users] Connecting two ipsec tunnels
On Thu, 11 May 2006, Jett, Nathan wrote:
> Sorry for the confusion. I have a working tunnel to my customer who is allowing access to a server at 192.168.100.50 on their network. I also have a working tunnel to my remote office to access their network at 192.168.200.0/24. However, my remote office cannot connect to the customer's server at 192.168.100.50.
> I need my remote office to be able to connect through my Linux/Openswan system to my customer's server.
> I was assuming I would have to masquerade the packets coming from my remote office to look like they are coming from an IP address on my local network before they would be allowed to pass to the customer's network.
Why not just add another IPsec tunnel instead of using NAT? If I understood
you right, you should be able to set up another tunnel for 192.168.200/24 to
192.168.100.50. Using NAT and IPsec can be tricky, because NAT breaks IPsec.
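
Added example, not part of the original thread and not the posters' own configuration: a sketch of the extra tunnel suggested above, as two `conn` sections on the hub Openswan gateway, so that 192.168.200.0/24 reaches 192.168.100.50 without NAT. The gateway addresses are RFC 5737 documentation placeholders, the conn names are hypothetical, and pre-shared-key authentication is an assumption.

```conf
# /etc/ipsec.conf on the hub gateway (added example).
# Gateway addresses are RFC 5737 placeholders; conn names are hypothetical.
# authby=secret assumes PSKs in /etc/ipsec.secrets; the thread does not say
# which authentication method is in use.

# Hub <-> customer: presents the remote office LAN as a subnet behind the hub.
conn customer-for-remote-office
    left=192.0.2.1                  # hub public address (placeholder)
    leftsubnet=192.168.200.0/24     # remote office LAN, reached via the hub
    right=198.51.100.1              # customer gateway (placeholder)
    rightsubnet=192.168.100.50/32   # only the one customer server
    authby=secret
    auto=start

# Hub <-> remote office: presents the customer server as a host behind the hub.
conn remote-office-to-customer
    left=192.0.2.1                  # hub public address (placeholder)
    leftsubnet=192.168.100.50/32    # customer server, reached via the hub
    right=203.0.113.1               # remote office gateway (placeholder)
    rightsubnet=192.168.200.0/24    # remote office LAN
    authby=secret
    auto=start
```

Each peer needs a matching definition with the same subnet pair, and the hub must have IP forwarding enabled (`net.ipv4.ip_forward = 1`) to pass traffic between the two tunnels. Limiting `rightsubnet` to a /32 keeps the remote office's reach into the customer network to the single server that was agreed.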