[Openswan Users] HOWTO configure multi-site VPNs
John Mok
jmok at attglobal.net
Fri Mar 21 03:38:14 EDT 2008
Hi Peter,
Thank you very much for your reply.
I am using X.509 certificates for encryption, and I tried the following
but had no luck:
H1 ipsec.conf:

conn s1-s2
    left=h1
    leftsubnet=s1
    leftcert=cert_h1.pem
    right=h2
    rightsubnet=s2
    rightcert=cert_h2.pem

conn s1-s3
    left=h1
    leftsubnet=s1
    leftcert=cert_h1.pem
    right=h2
    rightsubnet=s3
    rightcert=cert_h3.pem

H2 ipsec.conf

# conn's from both h1 above and h3 below, i.e. s1-s2, s1-s3, s3-s2 and s3-s1, total 4 connections

H3 ipsec.conf

conn s3-s2
    left=h3
    leftsubnet=s3
    leftcert=cert_h3.pem
    right=h2
    rightsubnet=s2
    rightcert=cert_h2.pem

conn s3-s1
    left=h3
    leftsubnet=s3
    leftcert=cert_h3.pem
    right=h2
    rightsubnet=s1
    rightcert=cert_h1.pem

On h3, ipsec eroute showed the connection s3-s1 was in "trap" status. On
h2, both s1-s3 and s3-s1 connections were in "trap" status. Please help
to advise what went wrong.
Thanks a lot.
John Mok
Peter McGill wrote:
> Once more, you cannot route traffic into ipsec tunnels.
> You must set up subnet conn's for them.
> I.e.:
>
> H1 ipsec.conf:
> conn s1-s2
>     left=h1
>     leftsubnet=s1
>     right=h2
>     rightsubnet=s2
>
> conn s1-s3
>     left=h1
>     leftsubnet=s1
>     right=h2
>     rightsubnet=s3
>
> H2 ipsec.conf
> # conn's from both h1 above and h3 below
>
> H3 ipsec.conf
> conn s3-s2
>     left=h3
>     leftsubnet=s3
>     right=h2
>     rightsubnet=s2
>
> conn s3-s1
>     left=h3
>     leftsubnet=s3
>     right=h2
>     rightsubnet=s1
>
>
> Peter McGill
>
>
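
The rule in the quoted reply, that H2 must carry every conn defined on H1 and H3, can be checked mechanically. The following is an added example, not part of either message: it parses conn sections and lists spoke conns for which the hub file has no conn with the same gateway/subnet pairs. The function names and the sample files are constructed here, using the thread's placeholder host and subnet names.

```python
"""Check that a hub's ipsec.conf mirrors every conn defined on a spoke."""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def selector(conn):
    """Order-independent tunnel selector: the two (gateway, subnet) ends."""
    return frozenset({(conn.get("left"), conn.get("leftsubnet")),
                      (conn.get("right"), conn.get("rightsubnet"))})

def missing_on_hub(spoke, hub):
    """Names of spoke conns that have no hub conn with the same selector."""
    hub_selectors = {selector(c) for c in hub.values()}
    return sorted(n for n, c in spoke.items() if selector(c) not in hub_selectors)

# Constructed sample input, using the thread's placeholder names.
SPOKE_H3 = """
conn s3-s2
    left=h3
    leftsubnet=s3
    right=h2
    rightsubnet=s2
conn s3-s1
    left=h3
    leftsubnet=s3
    right=h2
    rightsubnet=s1
"""
# Hub file with sides swapped (same tunnel) and the s3-s1 conn left out.
HUB_H2 = """
conn s3-s2
    left=h2
    leftsubnet=s2
    right=h3
    rightsubnet=s3
"""

if __name__ == "__main__":
    print(missing_on_hub(parse_conns(SPOKE_H3), parse_conns(HUB_H2)))
```
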