[Openswan Users] VPN Network Structure
Philip Mountifield
pmountifield at formac.net
Fri Nov 21 08:04:41 EST 2008
Hi,
I am a recent user of Openswan and this is my first post to the group,
so greetings to you all.
I am currently in the process of setting up an Openswan VPN server to
link to a number of devices such as Netgear routers (FVS114 and FVG318)
a Chinese CDMA router (running Linux and Freeswan 1.99) and a central
Openswan server (Openswan U2.6.14/K2.6.18-92.1.13.el5 (netkey)).
These devices are connected to the Openswan server and in their own
right communicate very well and reliably. I have also set up the network
local to the server to be able to access the various subnets via the
server. Each device is on a different class C subnet with mask
255.255.255.0, most are fixed external IP and the CDMA link is dynamic.
With the setup described above I am able to access all of the subnets
from the Openswan server and local LAN (due to some static routing info
added to the router), and I am able to access the local LAN of the
server from each of the subnets, but I am unsure how to alter the setup
to allow selected subnets to communicate with each other via the
Openswan server. Should I make the central subnet a different class such
as A or B and then extrude sections of this larger subnet through the
IPsec tunnels to the other locations or is there a way to pass
additional routing information to the devices to let them know that
certain other subnets are accessible through the VPN tunnel?
I am also unsure about how one should control which subnets can
communicate with one another. Can this be done by disabling IP
forwarding and instead constructing some suitable iptables rules?
Any advice is appreciated.
Kind regards,
Philip
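The two questions above (how to let spoke subnets reach each other through the hub, and how to restrict which pairs may talk) both come down to policy on the hub rather than routes on the spokes, because with IPsec it is the phase-2 selectors (leftsubnet/rightsubnet) that decide which traffic enters a tunnel, not the routing table. The following is an added example, not code from the original post or from the Openswan project. It assumes a hub running Openswan with the NETKEY stack, where decrypted packets traverse the normal netfilter FORWARD chain, and it keeps `net.ipv4.ip_forward=1` enabled, restricting traffic in FORWARD instead of disabling forwarding. All addresses, conn names and the hypothetical subnet pairs are constructed placeholders. Every spoke still needs the mirror-image phase-2 policy (remote network = the other spoke's subnet) configured on its own device.

```shell
#!/bin/sh
# Added example (not from the original post): hub-and-spoke IPsec where the
# hub relays traffic between two spoke subnets, plus a FORWARD policy that
# permits only the chosen subnet pairs. Addresses here are constructed.

# Emit the two extra ipsec.conf conns the hub needs so that spoke A's
# subnet and spoke B's subnet each appear as a phase-2 selector on the
# other spoke's tunnel. Existing LAN<->spoke conns are left untouched.
# For a spoke with a dynamic address (e.g. the CDMA link) use right=%any
# and auto=add instead, so the spoke initiates.
gen_hub_conns() {
    hub_ip=$1; a_name=$2; a_ip=$3; a_net=$4; b_name=$5; b_ip=$6; b_net=$7
    cat <<EOF
# hub: packets destined for ${b_net} that arrive from ${a_name}
conn hub-${a_name}-to-${b_name}
    left=${hub_ip}
    leftsubnet=${b_net}
    right=${a_ip}
    rightsubnet=${a_net}
    authby=secret
    auto=start

# hub: packets destined for ${a_net} that arrive from ${b_name}
conn hub-${b_name}-to-${a_name}
    left=${hub_ip}
    leftsubnet=${a_net}
    right=${b_ip}
    rightsubnet=${b_net}
    authby=secret
    auto=start
EOF
}

# Emit iptables commands for the hub's FORWARD chain. IP forwarding stays
# enabled; the default policy is DROP and only explicit pairs are allowed.
# Usage: gen_forward_rules LAN_NET "A_NET B_NET" ["A_NET C_NET" ...]
# The hub LAN keeps access to every tunnel (as the poster already has);
# spoke-to-spoke traffic is allowed only for the listed pairs.
# "-m policy --dir in --pol ipsec" matches packets that were just decrypted
# from a tunnel, so cleartext arriving on the WAN cannot spoof a spoke.
gen_forward_rules() {
    lan=$1; shift
    printf '%s\n' 'iptables -P FORWARD DROP'
    printf '%s\n' 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf 'iptables -A FORWARD -s %s -m policy --dir out --pol ipsec -j ACCEPT\n' "$lan"
    printf 'iptables -A FORWARD -d %s -m policy --dir in --pol ipsec -j ACCEPT\n' "$lan"
    for pair in "$@"; do
        src=${pair%% *}
        dst=${pair##* }
        # one rule per direction, both requiring the packet to have come out of a tunnel
        printf 'iptables -A FORWARD -m policy --dir in --pol ipsec -s %s -d %s -j ACCEPT\n' "$src" "$dst"
        printf 'iptables -A FORWARD -m policy --dir in --pol ipsec -s %s -d %s -j ACCEPT\n' "$dst" "$src"
    done
    # log what the default DROP discards, rate limited, so policy gaps are visible
    printf '%s\n' 'iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "vpn-fwd-drop: "'
}

# Demonstration with constructed values: hub 203.0.113.1, two fixed spokes.
gen_hub_conns 203.0.113.1 spokeA 198.51.100.2 192.168.1.0/24 spokeB 198.51.100.3 192.168.2.0/24
gen_forward_rules 192.168.0.0/24 "192.168.1.0/24 192.168.2.0/24"
```

Run the script to print the conns and rules, review them, then paste the conns into the hub's ipsec.conf and apply the rules (the script deliberately prints rather than executes). Subnets that are not listed as a pair cannot reach each other even though forwarding is on, and the LOG rule shows which pairs are being attempted.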