[Openswan Users] Multiple tunnels

Paul Wouters paul at xelerance.com
Thu Apr 5 15:54:03 EDT 2007


On Tue, 3 Apr 2007, Keun Lee wrote:

> conn ab
>     left=192.168.0.60
>     right=192.168.0.59
>
> conn bc
>     left=192.168.1.60
>     right=192.168.1.59
>
> conn ac
>     left=192.168.0.60
>     right=192.168.1.59
>
> When connection ac is started, I can ping from A to C
> and tcpdump shows ESP packets between A and C.

eh? All machines are in the same subnet with one leg, so they
will use arp and connect directly instead of routing packets (via ipsec).

If your box has eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24, you
cannot build tunnels from eth0 on one machine to eth1 on the other machine.

If this is a testing setup, you need to make your testing look more like
the real world. If this is the ultimate goal, then you need to use type=%direct
and make sure you don't try to connect a subnet via ipsec that is actually
local to you already on the other ethernet card.

Paul
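As an added illustration (not code from the thread or from Openswan), the following Python script reads conn blocks from an ipsec.conf-style text and flags the two layouts Paul describes: a right address that sits on the same link as left (hosts reach each other by ARP), and a right address that falls into a subnet the local box already has on another interface (the eth0-to-remote-eth1 case). The sample configuration reuses the three conns quoted above plus one constructed remote peer; the interface addressing is an assumption, since the thread only names the two /24s.

```python
import ipaddress
import re

# Constructed sample ipsec.conf: the three conns quoted in the thread plus one
# conn to a genuinely remote peer (10.0.0.5 is a constructed address).
SAMPLE_IPSEC_CONF = """\
config setup
    interfaces=%defaultroute

conn ab
    left=192.168.0.60
    right=192.168.0.59

conn bc
    left=192.168.1.60
    right=192.168.1.59

conn ac
    left=192.168.0.60
    right=192.168.1.59

conn remote
    left=192.168.0.60
    right=10.0.0.5
"""

# Assumed addressing of the machine running the check (hypothetical: the
# thread only says eth0 is in 192.168.0.0/24 and eth1 in 192.168.1.0/24).
LOCAL_INTERFACES = {
    "eth0": "192.168.0.60/24",
    "eth1": "192.168.1.60/24",
}


def parse_conns(text):
    """Minimal ipsec.conf reader: returns {conn_name: {key: value}}.
    Section headers start in column 0; parameters are indented key=value."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            m = re.match(r"conn\s+(\S+)\s*$", line)
            current = m.group(1) if m else None   # skips 'config setup' etc.
            if current is not None:
                conns[current] = {}
            continue
        if current is None:
            continue
        key, sep, value = line.strip().partition("=")
        if sep:
            conns[current][key.strip()] = value.strip()
    return conns


def check_conn(params, networks):
    """Return finding codes for one conn, given {ifname: ip_network} of the
    local box. An empty list means left/right look like a sane tunnel pair."""
    findings = []
    try:
        left_ip = ipaddress.ip_address(params.get("left", ""))
        right_ip = ipaddress.ip_address(params.get("right", ""))
    except ValueError:
        # %defaultroute, %any, hostnames: not checkable offline
        return ["UNCHECKED"]
    if not any(left_ip in net for net in networks.values()):
        findings.append("LEFT_NOT_LOCAL")
    for net in networks.values():
        if right_ip not in net:
            continue
        if left_ip in net:
            # Peer is on the same link as left: the hosts reach each other by
            # ARP, which is the "connect directly" case from the thread.
            findings.append("SAME_SUBNET")
        else:
            # Peer sits on a subnet this box already has on another card:
            # the eth0 -> remote eth1 layout the thread says cannot be tunnelled.
            findings.append("PEER_ON_OTHER_LOCAL_INTERFACE")
    return findings


def audit(conf_text, interfaces):
    """Map every conn in conf_text to its finding codes."""
    networks = {n: ipaddress.ip_interface(c).network for n, c in interfaces.items()}
    return {name: check_conn(p, networks) for name, p in parse_conns(conf_text).items()}


if __name__ == "__main__":
    for name, codes in audit(SAMPLE_IPSEC_CONF, LOCAL_INTERFACES).items():
        print(f"conn {name}: {', '.join(codes) or 'ok'}")
```

Running it against the sample reports conn ab and conn bc as SAME_SUBNET, conn ac as PEER_ON_OTHER_LOCAL_INTERFACE, and the constructed remote conn as ok; conns using %defaultroute or %any for left or right are marked UNCHECKED rather than guessed at.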

