[Openswan Users] HOWTO configure multi-site VPNs
John Mok
jmok at attglobal.net
Thu Mar 20 19:52:22 EDT 2008
Hi Peter,
Thank you very much for your reply.
However, I am using X.509 certificates for encryption, please help to
advise if the following config. is right :-
> H1 ipsec.conf:
> conn s1-s2
> left=h1
> leftsubnet=s1
leftcert=gw1.pem
> right=h2
> rightsubnet=s2
rightcert=gw2.pem
>
> conn s1-s3
> left=h1
leftcert=gw1.pem
> leftsubnet=s1
> right=h2
rightcert=gw3.pem
> rightsubnet=s3
Thanks a lot.
John Mok
Peter McGill wrote:
> Once more you cannot route traffic into ipsec tunnels.
> You must setup subnet conn's for them.
> Ie)
>
> H1 ipsec.conf:
> conn s1-s2
> left=h1
> leftsubnet=s1
> right=h2
> rightsubnet=s2
>
> conn s1-s3
> left=h1
> leftsubnet=s1
> right=h2
> rightsubnet=s3
>
> H2 ipsec.conf
> # conn's from both h1 above and h3 below
>
> H3 ipsec.conf
> conn s3-s2
> left=h3
> leftsubnet=s3
> right=h2
> rightsubnet=s2
>
> conn s3-s1
> left=h3
> leftsubnet=s3
> right=h2
> rightsubnet=s1
>
>
> Peter McGill
>
>
More information about the Users
mailing list