[Openswan Users] VPN connection between two subnets on same server

Arjun Datta arjun at greatgulfhomes.com
Wed Jun 4 16:02:22 EDT 2008


I am trying this setup and am curious to see if it is allowed.

VPN server:
2.6.22.9-61.fc6
Linux Openswan U2.4.5/K2.6.22.9-61.fc6 (netkey)
1 WAN NIC, 2 LAN NICs on separate subnets
eth0 = WAN
eth1 = 10.243.102.230
eth2 = 10.241.100.230

I want to create a VPN connection between the 2 subnets using this machine.

conn ggh-gghdev
        # Left Security gateway, subnet behind it, next hop toward right
        left=WAN IP
        leftsubnet=10.241.0.0/16
        leftnexthop=216.191.52.65
        # Right Security gateway, subnet behind it, next hop towards left
        right=WAN IP
        rightsubnet=10.243.0.0/16
        rightnexthop=216.191.52.65
        keyingtries=0
        authby=secret
        type=tunnel
        auto=start

[root at vpn sysconfig]# ipsec auto --status | grep ggh-gghdev
000 "ggh-gghdev": 10.243.0.0/16===216.191.52.91---216.191.52.65...216.191.52.65---216.191.52.91===10.241.0.0/16; unrouted; eroute owner: #0
000 "ggh-gghdev":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "ggh-gghdev":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "ggh-gghdev":   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 16,16; interface: ;
000 "ggh-gghdev":   newest ISAKMP SA: #0; newest IPsec SA: #0;

NATing part of /etc/sysconfig/iptables:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -d ! 10.0.0.0/255.0.0.0 -o eth0 -j MASQUERADE
COMMIT

Now, before I spend too much time troubleshooting this, is the above
scenario possible/doable? The VPN connection spans the same machine as
both left and right, albeit between different subnets.

-- 
Regards,
 
Arjun Datta
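A quick sanity check a reader could run over a conn like the one above before troubleshooting further. This is an added example, not code from the post or from Openswan: it parses ipsec.conf-style conn sections and flags a conn whose left and right are the same gateway (an IPsec tunnel joins two distinct peers) or whose subnets overlap. The sample conn is constructed from the post, with the "WAN IP" placeholder filled in using the 216.191.52.91 address shown in the status output.

```python
import ipaddress
import re

# Constructed sample: the conn from the post, with both "WAN IP" placeholders
# replaced by the WAN address that appears in the ipsec status output.
SAMPLE_CONF = """\
conn ggh-gghdev
        # Left Security gateway, subnet behind it, next hop toward right
        left=216.191.52.91
        leftsubnet=10.241.0.0/16
        leftnexthop=216.191.52.65
        right=216.191.52.91
        rightsubnet=10.243.0.0/16
        rightnexthop=216.191.52.65
        authby=secret
        type=tunnel
        auto=start
"""


def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {key: value}}, ignoring comments."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns


def lint_conn(name, params):
    """Return a list of findings for one conn; an empty list means nothing was flagged."""
    findings = []
    left, right = params.get("left"), params.get("right")
    if left and left == right:
        findings.append(f"{name}: left and right are the same gateway ({left}); "
                        "a tunnel needs two distinct peers")
    try:
        ls = ipaddress.ip_network(params["leftsubnet"])
        rs = ipaddress.ip_network(params["rightsubnet"])
        if ls.overlaps(rs):
            findings.append(f"{name}: leftsubnet {ls} overlaps rightsubnet {rs}")
    except (KeyError, ValueError):
        findings.append(f"{name}: leftsubnet/rightsubnet missing or malformed")
    return findings


def lint(text):
    """Lint every conn in an ipsec.conf-style text and return all findings."""
    return [f for n, p in parse_conns(text).items() for f in lint_conn(n, p)]
```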
