[Openswan Users] Tunnel headends
Andy Gay
andy at andynet.net
Fri Mar 23 10:18:07 EDT 2007
On Fri, 2007-03-23 at 15:13 +0200, Andrei-Florian Staicu wrote:
> Hello list,
>
> I know this has to had been asked countless times, but i wasn't able to
> find a definitive solution on the web.
> My config is Openswan 2.4.5 (moving soon to 2.4.7), kernel 2.6.20.3
> (cannot yet build klips due to compile errors, i'll wait for 2.4.8 to
> reach final) with netkey.
> I have a working tunnel like this:
> 192.168.3.0/24===<extipA>[@srvA]...<extipB>[@srvB]===192.168.4.0/24
> Is there any way to make the headends (192.168.3.1 and 192.168.4.1) see
> eachother?
Yes, use <left/right>sourceip.
Assuming your conns are written with left/right as you show above,
use leftsourceip=192.168.3.1 on srvA, rightsourceip=192.168.4.1 on srvB.
E.g. if the conn on srvA has leftsubnet=192.168.3.1/24, then add
leftsourceip=192.168.3.1. Similarly on srvB, if it has
rightsubnet=192.168.4.0/24, then add rightsourceip=192.168.4.1.
> I have to mention that srvA is a roadwarrior (adsl dynamic ip).
Should not be a problem.
>
> Thanks and sorry for bugging you.
NP. HTH. :)
- Andy
>
> --
> Andrei-Florian STAICU
> Network administrator
> Tel: (+40) 741.227.014
> IPSO S.A.
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list