[Openswan Users] 2 or more virtual interfaces defined to 1 physical interface

[Lawrence Manning]

On 15 Oct 2008, at 14:42, Jennifer Agarwal wrote:

>
> Hello,
>
> In ipsec.conf can you do the following, assign multiple virtual  
> interfaces to a single physical interface?
>
> config
>    interfaces="ipsec0=eth0 ipsec1=eth0
>
> My client is interested in assigning a single ipsecX interface to  
> each connection they define so they  can track the statistics and do  
> QoS on a per connection basis.
>
> Any thoughts you have on this matter would be greatly appreciated.

My understanding is this is not possible.  At least in openswan 2.4.9  
(probably old) you cannot do this.

For traffic stats, iptables should probably suffice.  There are  
doubtless free tools that can collect this information.  You should be  
able to create a iptable rule for your tunnels and collect the stats  
that way.

For QoS it would depend on the implementation, but again IP addresses  
should be able to tell you which tunnel the traffic is on, even though  
all the traffic is on the ipsec0 interface.

Hope that helps some...
-- 

Lawrence Manning
Lead Developer
Smoothwall Ltd. -  http://www.smoothwall.net/

SmoothWall Limited
1 John Charles Way
Leeds LS12 6QA
United Kingdom

Phone:
1 800 959 3760 (USA, Canada and North America)
0870 1 999 500 (United Kingdom)
+44 870 1 999 500 (all other countries)
Fax:
+44 870 1 991 399

SmoothWall Limited is registered in England, Company Number: 4298247

This email and any attachments transmitted with it are confidential to  
the intended recipient(s) and may not be communicated to any other  
person or published by any means without the permission of SmoothWall  
Limited.  Any opinions stated in this message are solely those of the  
author.  See: http://smoothwall.net/company/email.php for the full  
text of this notice.