[Openswan Users] Pretty simple setup, but have some questions.
Adam Niedzwiedzki
adstar at genis-x.com
Tue Aug 21 22:50:29 EDT 2007
Hi guys,
I have 3 locations that I wish to connect as below
Main Office --- Offsite Office
     |                |
     |                |
     |                |
     ---- Hosting -----
All sites are connected via the internet.
Main Office has a static IP via "building router"
Offsite Office has a static IP via dsl. (ppp0)
Hosting has a /25 and IS the router as well.
All machines are leaf bering-uClibc boxes. (nothing fancy)
Main Office: eth0:210.15.225.186 eth1:10.0.1.1 -- Internal LAN (10.0.1.0/24) MASQ/Nat'd
Offsite Office (static IP via pppoe): ppp0:202.10.93.183 eth1:10.0.10.1 -- Internal LAN (10.0.10.0/24) MASQ/Nat'd
Sub Office eth0:202.45.103.86 eth1:202.45.102.1 -- Internal LAN (202.45.102.0/25)
I have the setup working fine between Main Office and Offsite Office (as in
each can get to the IPs on the internal LANs); the issue is with connecting
to the Hosting environment.
Being "live" IPs on the internal LAN, I can get TO the Hosting from the
main/offsite office but the "Hosting" can't route back. The main reason for
the ipsec connection is that Hosting is locked down; for management reasons the
Main Office and Offsite should be able to "vpn" behind the firewall to get
to the Hosting machines.
I'm sure this has to do with the left/rightnexthop configs but I have no idea
what to put, or is it the interface="ipsec...." setting? I'm just not sure;
ipsec is all new to me.

Main Office Config

conn hosting-connection
    left=%defaultroute
    leftsubnet=10.0.1.0/24
    leftcert=MainOffice-cert.pem
    right=202.45.103.86
    rightsubnet=202.45.102.0/25
    rightcert=Hosting-cert.pem
    auto=start

conn offsite-connection
    left=%defaultroute
    leftsubnet=10.0.1.0/24
    leftcert=Office-cert.pem
    right=202.10.93.183
    rightsubnet=10.0.10.0/24
    rightcert=Office-cert.pem
    auto=start

Offsite Office Config

conn hosting-connection
    left=%defaultroute
    leftsubnet=10.0.10.0/24
    leftcert=Office-cert.pem
    right=202.45.103.86
    rightsubnet=202.45.102.0/25
    rightcert=Hosting-cert.pem
    auto=start

conn mainoffice-connection
    left=%defaultroute
    leftsubnet=10.0.10.0/24
    leftcert=Office-cert.pem
    right=210.15.225.186
    rightsubnet=10.0.1.0/24
    rightcert=MainOffice-cert.pem
    auto=start

Hosting

conn offsite-connection
    left=%defaultroute
    leftsubnet=202.45.102.0/25
    leftcert=Hosting-cert.pem
    right=202.10.93.183
    rightsubnet=10.0.10.0/24
    rightcert=Office-cert.pem
    auto=start

conn mainoffice-connection
    left=%defaultroute
    leftsubnet=202.45.102.0/25
    leftcert=Hosting-cert.pem
    right=210.15.225.186
    rightsubnet=10.0.1.0/24
    rightcert=MainOffice-cert.pem
    auto=start

And last but not least, do I have to add anything to make these connections
"persistent", so they stay up/try to reconnect forever etc.?
Cheers and thanks in advance
Ad
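
Added example, not part of the original post: a Python check that the two ends of a tunnel mirror each other's subnets and certificates, run over the Main Office and Offsite Office conn sections as posted (abridged to the compared fields). The function names parse_conns and mirror_mismatches are assumptions of this example, not Openswan tooling.

```python
# Conn sections copied from the post, abridged to the fields compared below.
MAIN_OFFICE = """
conn hosting-connection
    leftsubnet=10.0.1.0/24
    leftcert=MainOffice-cert.pem
    rightsubnet=202.45.102.0/25
    rightcert=Hosting-cert.pem
conn offsite-connection
    leftsubnet=10.0.1.0/24
    leftcert=Office-cert.pem
    rightsubnet=10.0.10.0/24
    rightcert=Office-cert.pem
"""
OFFSITE_OFFICE = """
conn mainoffice-connection
    leftsubnet=10.0.10.0/24
    leftcert=Office-cert.pem
    rightsubnet=10.0.1.0/24
    rightcert=MainOffice-cert.pem
"""

def parse_conns(text):
    """Parse ipsec.conf text into {conn name: {parameter: value}}."""
    conns, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.split("=", 1)  # indented key=value belongs to the conn
            current[key.strip()] = value.strip()
    return conns

def mirror_mismatches(a_text, b_text):
    """Pair conns whose subnets mirror each other; list certs that disagree."""
    problems = []
    for a_name, a in parse_conns(a_text).items():
        for b_name, b in parse_conns(b_text).items():
            if (a.get("leftsubnet"), a.get("rightsubnet")) != (
                    b.get("rightsubnet"), b.get("leftsubnet")):
                continue  # not the two ends of the same tunnel
            for mine, theirs in (("leftcert", "rightcert"), ("rightcert", "leftcert")):
                if a.get(mine) != b.get(theirs):
                    problems.append((a_name, mine, a.get(mine), b_name, theirs, b.get(theirs)))
    return problems

if __name__ == "__main__":
    for p in mirror_mismatches(MAIN_OFFICE, OFFSITE_OFFICE):
        print("%s %s=%s  <->  %s %s=%s" % p)
```

On the text as posted it reports one difference: Main Office's offsite-connection names Office-cert.pem as leftcert while the Offsite side lists MainOffice-cert.pem as rightcert for the same tunnel. The post does not say whether that is a slip in the mail or the live configuration.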