[Openswan Users] Tunnel in tunnel question
Administrator
admin at different-perspectives.com
Sun Jun 3 04:58:32 EDT 2007
IPCop just creates an IPSec conf file and uses that through openswan. I
don't think it does anything "fancy".
Do you know if there's a problem with using the same certificates (i.e.
certs for the gateway rather than the subnet) at both ends of two tunnels?
IPCop blocks this, and I don't know why.
David
> Just create extra tunnels.
> The only unknown is whether stuff built into IPCop will make
> this more difficult.
>
> Cameron.
>
> Administrator wrote:
> > Hi,
> >
> > I'm running IPCop firewall and have an openswan VPN between two sites.
> > The sites have multiple subnets behind the firewalls (intranet, dmz
> > etc.), and the VPN connects the two intranets. I'd like to provide
> > access across the openswan vpn to the dmzs from the other site. What
> > is the best way to do this?
> >
> > IPCop's VPNs have a policy of dropping anything which is for the "wrong"
> > subnet.
> >
> > I've tried adding eroutes / routes through the VPN tunnel, which
> > didn't work. I've read the documentation, and can't see anything
> > which would help me.
> >
> > Is it possible to simply create a tunnel (encrypted or non-encrypted)
> > within the vpn tunnel to carry the other traffic, or should I create
> > another tunnel (preferably using the same certificates) to carry this
> > other traffic?
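
The "extra tunnels" suggestion above, sketched as an Openswan ipsec.conf fragment. This is an added example, not part of the original thread and not a file generated by IPCop. All addresses, subnets, certificate file names and DNs are constructed placeholders; each conn covers one subnet pair and reuses the same gateway certificates through a shared template section.

```conf
# Added example. Every address, subnet, DN and file name below is a
# constructed placeholder, not a value from the thread.

# Template section: gateway addresses and certificate identities.
# It has no auto= line, so it is never loaded as a tunnel by itself.
conn site-a-site-b
    left=192.0.2.1
    leftcert=gateway-a-cert.pem
    leftid="C=XX, O=Example, CN=gateway-a"
    leftrsasigkey=%cert
    right=198.51.100.1
    rightid="C=XX, O=Example, CN=gateway-b"
    rightrsasigkey=%cert
    authby=rsasig

# Tunnel 1: intranet at site A <-> intranet at site B
conn intranet-a-intranet-b
    also=site-a-site-b
    leftsubnet=10.1.0.0/24
    rightsubnet=10.2.0.0/24
    auto=start

# Tunnel 2: intranet at site A <-> DMZ at site B
conn intranet-a-dmz-b
    also=site-a-site-b
    leftsubnet=10.1.0.0/24
    rightsubnet=10.2.1.0/24
    auto=start

# Tunnel 3: DMZ at site A <-> intranet at site B
conn dmz-a-intranet-b
    also=site-a-site-b
    leftsubnet=10.1.1.0/24
    rightsubnet=10.2.0.0/24
    auto=start
```

Traffic whose source and destination match none of the listed subnet pairs is not carried by any of these tunnels, so only the pairs that are meant to be reachable should be listed.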