[Openswan Users] Multiple VPN connections

Paul Wouters paul at xelerance.com
Thu Mar 1 11:41:37 EST 2007


On Thu, 1 Mar 2007, Michael Jacobsen wrote:

Your best bet is to NAT your one network to some other range. This is easiest
done on a seperate server on the inside of the LAN, but can be made to work
on the ipsec server itself too. But getting the NAT rules right so you don't
break things is difficult. If using netkey, use 2.6.18.1 or 2.6.17-. Don't
use 2.6.18. 2.6.19+ have not been tested much by us yet, and I know they
have crahers when using NAT-T (which i dont think you use)

Paul

> I'm wondering on how to make the following simplified setup
>
>  1. I have a Linux machine with OpenSWAN (the server) with wan IP 1.1.1.1
>  2. A network with a VPN router with WAN ip 2.2.2.2. Behind this one I
> have 192.168.1.0/24
>  3. A network with a VPN router with WAN ip 3.3.3.3. Behind this one I
> have _also_ 192.168.1.0/24
>
> I'm aware the routing tables will newer be able to determine whether a
> connection to, say 192.168.1.100, should go though the connection to
> network 2 or to network 3 as 192.168.1.100 could be (and our
> particular case most likely is) on both networks.
>
> However, our application would now which connection to use. That is,
> is it possible to create a C (or python or whatever) program that
>
>  - given the private ip 192.168.1.100
>  - and that we want to connect through the VPN connection with 2.2.2.2
>
>  makes  the proper connection connection.
>
> Also a second copy of the program should run at the same time
> connecting to 192.168.1.100 through the VPN to 3.3.3.3.
>
> Curently I'm running OpenSWAN on a 2.6 kernel, where I do not get
> ipsecX devices. I have an idea that I could solve my problem with
> ipsecX devices and should recompile my kernel? Or is it possible with
> the new 2.6 kernel way of doing ipsec?
>
> With kind regards
>   Michael Jacobsen
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list