[Openswan Users] HOWTO configure multi-site VPNs
Peter McGill
petermcgill at goco.net
Thu Mar 20 11:00:01 EDT 2008
Once more, you cannot route traffic into ipsec tunnels.
You must set up subnet conns for them.
I.e.:

H1 ipsec.conf:

conn s1-s2
    left=h1
    leftsubnet=s1
    right=h2
    rightsubnet=s2

conn s1-s3
    left=h1
    leftsubnet=s1
    right=h2
    rightsubnet=s3

H2 ipsec.conf:

# conn's from both h1 above and h3 below

H3 ipsec.conf:

conn s3-s2
    left=h3
    leftsubnet=s3
    right=h2
    rightsubnet=s2

conn s3-s1
    left=h3
    leftsubnet=s3
    right=h2
    rightsubnet=s1

Peter McGill
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of John Mok
> Sent: March 20, 2008 10:52 AM
> To: users at openswan.org
> Subject: [Openswan Users] HOWTO configure multi-site VPNs
>
> Hi,
>
> Due to link speed of regional internet connection, I need to set up
> Openswan VPN to link multiple sites in a straight line rather than fully
> meshed manner :-
>
>    subnet 1         subnet 2         subnet 3
> 192.168.1.0/24   192.168.2.0/24   192.168.3.0/24
>      GW1--------------GW2--------------GW3
>  (211.1.1.1)      (61.1.1.1)       (210.1.1.1)
>
> The VPN connections between subnet1-subnet2 and subnet2-subnet3 work
> fine, but I can not ping between subnet1-subnet3. I added the routings
> to both subnet 1 and subnet 3, e.g. ip route add 192.168.3.0/24 dev
> ipsec0, but it still does work.
>
> Can anyone help to advise me how to configure the VPN connections such
> that subnet 1 can reach subnet 3 via subnet 2?
>
> Thanks a lot.
>
> John Mok
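
The conn layout from the reply above, generalised to a chain of any length and filled in with the addresses from the quoted question. This is an added example, not part of the thread: the gateway names gw1..gw3 and the conn names are made up here, and keying/authentication options are omitted just as they are in the reply.

```python
# Added example: derive the subnet-to-subnet conns for gateways linked in a line.
from itertools import product

# (name, public IP, LAN) in line order. IPs and subnets come from the quoted
# question; the names gw1..gw3 are assumptions made for this example.
SITES = [
    ("gw1", "211.1.1.1", "192.168.1.0/24"),
    ("gw2", "61.1.1.1", "192.168.2.0/24"),
    ("gw3", "210.1.1.1", "192.168.3.0/24"),
]

def chain_conns(sites):
    """Return {gateway name: [conn dict, ...]} for a straight-line topology.

    The tunnel between neighbours i and i+1 needs one conn for every pair of
    (subnet at or before i, subnet at or after i+1). A route alone is not
    enough: traffic without a matching subnet conn never enters the tunnel.
    """
    per_gw = {name: [] for name, _, _ in sites}
    for i in range(len(sites) - 1):
        lname, lip, _ = sites[i]
        rname, rip, _ = sites[i + 1]
        for a, b in product(range(0, i + 1), range(i + 1, len(sites))):
            conn = {
                "name": f"s{a + 1}-s{b + 1}-{lname}-{rname}",
                "left": lip,
                "leftsubnet": sites[a][2],
                "right": rip,
                "rightsubnet": sites[b][2],
            }
            # Same section on both tunnel ends; left/right labels are arbitrary.
            per_gw[lname].append(conn)
            per_gw[rname].append(conn)
    return per_gw

def render(conns):
    """Format conn dicts as ipsec.conf sections."""
    keys = ("left", "leftsubnet", "right", "rightsubnet")
    out = []
    for c in conns:
        out.append(f"conn {c['name']}")
        out += [f"    {k}={c[k]}" for k in keys]
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    for gw, conns in chain_conns(SITES).items():
        print(f"# ---- {gw} ipsec.conf ----")
        print(render(conns))
```

For the three sites in the question, the middle gateway ends up with four conns, two per tunnel, which is the "conn's from both h1 above and h3 below" set in the reply.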