[Openswan Users] How to combine two VPN tunnels

Paul Wouters paul at xelerance.com
Mon Apr 13 12:18:49 EDT 2009


On Mon, 13 Apr 2009, Marcus Carlson wrote:

> If I'm correct then OpenVPN would allow you to do this. But of course
> the roadwarriors have to use a different client then.

That seems unlikely, as gwB would still have the problem of not knowing
when roadwarrior is connected to gwA on a random IP address to send its
traffic to gwA. So this could only work if gwA upon connecting with the
roadwarrior, would connect to gwB and tell it to route subnetB for
the roadwarrior IP via gwA. Possible, but requires lots of custom hacks
that will not prove to be stable when you add multiple roadwarriors into
the mix.

Paul

> Marcus
>
> Curu Wong wrote:
>> Got! Thanks.
>> Then, is there a way for roadwarrior to connect to subnetB? Should I
>> use dynamic dns or something like that?
>>
>> 2009/4/13 Paul Wouters <paul at xelerance.com>
>>
>>     On Mon, 13 Apr 2009, Curu Wong wrote:
>>
>>           I am in such a situation of VPN configuration:
>>          gateway gwA with a fixed public IP, and there is a subnet
>>         192.168.9.0/24 behind it.
>>          gateway gwB, which obtains its IP from ISP using pppoe, and
>>         there is a subnet 192.168.30.0/24 behind it.
>>          There is a tunnel between the two subnets via gwA and gwB. And
>>         there is a tunnel for road warrior to connect subnet
>>         192.168.9.0/24 via gwA.
>>          What I want is to connect to both subnets
>>         (192.168.30.0/24, 192.168.9.0/24) as a road warrior via
>>         gwA. Is this possible?
>>           By the way, I don't want to use l2tp.
>>
>>
>>     You cannot, since subnetB or gwB would need to "know" where the
>>     roadwarrior is to ensure its packets for subnetB would get sent
>>     via the tunnel to gwA. But since roadwarrior is on a dynamic IP,
>>     you cannot know.
>>
>>     Unless you route all non-local traffic for subnetB via a tunnel
>>     to gwA.
>>
>>     Paul
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
>
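
Added example, not part of the original messages: a small Python model of gwB's outbound policy lookup, showing why replies from subnetB to a roadwarrior on an arbitrary address miss the subnetB-to-subnetA tunnel, and how routing all non-local traffic via gwA catches them. The host and roadwarrior addresses, the action names and the first-match policy model are assumptions constructed for illustration; only the two subnets come from the thread.

```python
from ipaddress import ip_address, ip_network

SUBNET_A = ip_network("192.168.9.0/24")    # behind gwA (from the thread)
SUBNET_B = ip_network("192.168.30.0/24")   # behind gwB (from the thread)
ANY = ip_network("0.0.0.0/0")

# Constructed models of gwB's outbound policy table, checked first-match.
# Each entry: (local selector, remote selector, action name).
NET_TO_NET = [
    (SUBNET_B, SUBNET_A, "tunnel-to-gwA"),   # the existing subnet-to-subnet tunnel
]
ALL_VIA_GWA = [
    (SUBNET_B, SUBNET_B, "local"),           # LAN traffic stays on the LAN
    (SUBNET_B, ANY, "tunnel-to-gwA"),        # all non-local traffic goes to gwA
]


def gwb_outbound(policies, src, dst):
    """Return the action gwB applies to a packet leaving subnetB."""
    src, dst = ip_address(src), ip_address(dst)
    for local, remote, action in policies:
        if src in local and dst in remote:
            return action
    # No selector matched: the packet follows the default route unprotected.
    return "default-route-cleartext"


def reply_paths(policies, host_b, roadwarrior_ips):
    """Map each roadwarrior address to the path a reply from host_b takes."""
    return {rw: gwb_outbound(policies, host_b, rw) for rw in roadwarrior_ips}


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), standing in for
    # the unpredictable addresses a roadwarrior may connect from.
    roadwarriors = ["203.0.113.7", "198.51.100.20"]
    host_b = "192.168.30.10"
    for name, table in (("net-to-net", NET_TO_NET), ("all-via-gwA", ALL_VIA_GWA)):
        for rw, action in reply_paths(table, host_b, roadwarriors).items():
            print(f"{name:12} reply {host_b} -> {rw}: {action}")
```
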

