[Openswan Users] Connecting Cisco routers (eg 837, 877) without static IP to OpenSWAN server

Aleks Huson aleks.huson at digitalkarma.com.au
Sun Nov 19 21:57:13 EST 2006 

Can anyone suggest the best way to do the following or point me in the
direction of a guide? (I've been searching Google and the lists for a while
and haven't found anything that fits quite right)

 

I would like to setup an OpenSWAN server that will allow net-to-net
connections from remote sites using various models of Cisco routers.

 

The current situation:-

 

-          I've managed to get a net-to-net tunnel working between my
OpenSWAN server and a Cisco 877 using PSK and setting the IP addresses for
both ends statically

-          The routers I want to connect with all have the appropriate
firmware (support 3DES etc) and are various models (837, 877, 1841, etc,
etc)

-          The routers have public IP addresses, and are not behind NAT,
however they are *not* using static IP addresses. Whilst they usually stay
the same for a while, it's not guaranteed, and would be too difficult to
keep track of changes due to the quantity involved.

-          My OpenSWAN server has a public, static IP address, and is not
behind NAT (nor yet behind firewall, but will be when I've got it working)

 

The issues/questions:-

-          Each connection is for a net-to-net. I have a private subnet on
the internal side of each Cisco that I need to route through to various
subnets behind the OpenSWAN box.

-          I need to be able to have different authentication for each site.
so if I'm using right = %any, I assume that I cannot use PSK, unless I want
to give everyone the same key

-          Do I need to use authby = rsasig, or is there a better / simpler
way of setting it up so that I can have a different "login" for each client.

-          If I have to use rsasig, can anyone point me in the direction of
how to setup the Cisco end of things?

 

 

Thanks in advance for your help.

 

 

Aleks Huson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061120/b6747f8a/attachment-0001.html

More information about the Users mailing list