[Openswan Users] Multiple subnets through 1 tunnel

Sebastian Wild sw at cronon.org
Tue Sep 9 11:52:59 EDT 2008


De facto, I do that using L2TP and IPsec. However, the tunnel here is done 
by L2TP and Openswan "only" does the transport.
In this combination it does work!
Anyhow, you cannot create a tunnel for a subnet that already exists on 
one side. This will cause a big routing fuss ;) since you then might 
have two interfaces in the same subnet.

As I said: on the client I have a net route for the subnet I want to access 
over the tunnel and a running L2TP over IPsec connection.
On the server side there is access to that subnet I want to access over the 
tunnel via the LAN interface. So I did some masquerading to enable the 
VPN interface to access the LAN.
And that's it.
Since the VPN server is connected to a T1 in our server rooms I could 
route all my traffic over the VPN if I wanted.
Works fine!

cheers
Sebastian

Peter McGill wrote:
> Andy,
>
> Openswan does not allow you to route traffic into the tunnel.
> Only traffic within the subnet definitions is routed into the tunnel.
> The correct way to route an additional subnet is to add another tunnel.
> Create a duplicate conn definition with a new name and the new subnet.
> Have the admin of the remote device add the new subnet.
>
> Note with new versions, I believe 2.6.x, you can add multiple subnets
> in a single conn definition with rightsubnets="192.168.2.0/24, 172.16.2.0/24".
> However I am not sure if this produces a single tunnel or still multiple
> tunnels (one per subnet).
>
> Peter McGill
> IT Systems Analyst
> Gra Ham Energy Limited
>
>> -----Original Message-----
>> From: users-bounces at openswan.org
>> [mailto:users-bounces at openswan.org] On Behalf Of Andy Van den Heede
>> Sent: September 9, 2008 10:40 AM
>> To: users at openswan.org
>> Subject: [Openswan Users] Multiple subnets through 1 tunnel
>>
>> Hello,
>>
>> I have a successful VPN tunnel between my local subnet
>> 192.168.1.0/24 (Openswan device) and an external subnet
>> 192.168.2.0/24 (another device not managed by me).
>>
>> At the other device there is also another subnet
>> 172.16.2.0/24 active that I need to access through this tunnel.
>>
>> How can I configure my device to route this also through this
>> existing tunnel?
>>
>> I did a test with the following command:
>>
>> ip route add 172.16.2.0/24 via 192.168.2.254 dev eth0 src
>> 192.168.1.254
>>
>> But I get this error:
>>
>> RTNETLINK answers: Network is unreachable
>>
>> Thanks in advance,
>>
>> Andy Van den Heede
>>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


-- 
Cronon AG
Servertechnik/Administration
------------------------------------------------------------------------------------
Telefon: + 49 (0)941 - 56 71 23 95
Telefax: + 49 (0)941 - 59 57 91 64
E-Mail:    sw at cronon.org
Website: http://www.cronon.org
------------------------------------------------------------------------------------
Cronon AG
Niederlassung Regensburg
Obermünsterstraße 9
93047 Regensburg
------------------------------------------------------------------------------------
Vorsitzender des Aufsichtsrates: Damian Schmidt
Vorstand: Florian Heinz, Viktor Hinterleitner,
Christian Mueller, Wolfgang von Hardenberg
Amtsgericht Berlin-Charlottenburg HRB 77957
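As an added example (not from any of the posters, and not Openswan's own sample configuration), this is what Peter's suggestion looks like in ipsec.conf: the working conn duplicated under a new name for the second remote subnet, and, for Openswan 2.6.x, the rightsubnets form. The subnets are the ones Andy gave; the remote gateway address (a documentation placeholder), the conn names, the shared base section and the authentication method are assumptions.

```ini
# Added example, not from the thread. Gateway address, conn names and the
# authentication settings are placeholders; the subnets are the ones Andy posted.

conn site-b-base
        # Settings shared by the conns below via also=; this conn itself is never
        # started (no auto=), it only carries the common parameters.
        left=%defaultroute
        right=203.0.113.10        # placeholder: the remote device's public address
        authby=secret
        leftsubnet=192.168.1.0/24

conn site-b-lan
        # The tunnel Andy already has working.
        also=site-b-base
        rightsubnet=192.168.2.0/24
        auto=start

# Option 1 (any Openswan version): a second conn, identical apart from its name and
# the remote subnet. Only traffic matching one of these subnet pairs is protected
# by IPsec; anything else follows the ordinary routing table. The remote administrator
# must add the matching 172.16.2.0/24 entry on their side, otherwise the proposal
# for this conn is rejected and the traffic never enters the tunnel.
conn site-b-second-lan
        also=site-b-base
        rightsubnet=172.16.2.0/24
        auto=start

# Option 2 (Openswan 2.6.x): one conn listing both remote subnets, braces and
# whitespace-separated as in the 2.6 ipsec.conf manual. Pluto expands this into one
# connection instance per subnet pair (from memory, named site-b/1x1 and
# site-b/1x2 in "ipsec auto --status"), each with its own IPsec SAs, so in IKE
# terms it is still one tunnel per subnet pair; only the configuration is shorter.
# conn site-b
#         also=site-b-base
#         rightsubnets={192.168.2.0/24 172.16.2.0/24}
#         auto=start
```

After `ipsec auto --rereadall` and `ipsec auto --up site-b-second-lan`, check `ipsec auto --status` for an established IPsec SA on the new conn, and on a NETKEY kernel confirm with `ip xfrm policy` that an `out` policy for 192.168.1.0/24 to 172.16.2.0/24 exists; without that policy, packets to 172.16.2.0/24 leave the host unencrypted or are dropped by normal routing, which is the failure mode Peter describes. Andy's `ip route add ... via 192.168.2.254 dev eth0` fails with "Network is unreachable" because 192.168.2.254 is not on a network directly attached to eth0, and with NETKEY a route would not help anyway: whether a packet is encrypted is decided by the xfrm policy installed from the conn definition, not by the routing table.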

