[Openswan Users] point-to-point connection

simon charles charlessimon at hotmail.com
Fri Jan 16 13:32:29 EST 2009


Hi !
    If it is a point-to-point ( host-to-host ) vpn tunnel then your rightsubnets are going to be a /32 and hence unique for host1.1 and host1.2 pair and host2.1 and 2.2 pair.
Ex:
host1.1
left={host1.1 public ip addr }
leftsubnet=1.1.1.1/32
right={ubuntu public ip addr }
rightsubnet=1.1.1.2/32

host1.2
left={host1.2 public ip addr }
leftsubnet=1.1.1.2/32
right={ubuntu public ip addr }
rightsubnet=1.1.1.1/32

ubuntu
conn host1.1
left={ubuntu public ip addr }
leftsubnet=1.1.1.2/32
right={host1.1 public ip addr }
rightsubnet=1.1.1.1/32

conn host1.2
left={ubuntu public ip addr }
leftsubnet=1.1.1.1/32
right={host1.2 public ip addr }
rightsubnet=1.1.1.2/32

This way you will have
1.1.1.1/32<-->host1.1<-->ubuntu<-->host1.2<-->1.1.1.2/32
 
  Hope that helps.

- Simon Charles - 




From: bach at mbconnectline.de
To: users at lists.openswan.org
Date: Wed, 14 Jan 2009 14:35:52 +0100
Subject: [Openswan Users] point-to-point connection









Hello list,

I have a problem with creating a connection as shown as follows:
 
host1.1 -----------|                             |----------- host1.2
                   |                             |
                   |----- UBUNTU-VPN-SERVER -----|
                   |                             |
host2.1 -----------|                             |----------- host2.2
 

I want to configure a UBUNTU-VPN-Server (with only one network-hardware ---> I use virtual interfaces/LANs) so that host1.1 can log in via VPN and host1.2 can log in via VPN.
Both hosts should meet each other in the server's virtual LAN1. Host2.1 and host2.2 should meet each other in the virtual LAN2. The 1.x hosts should not be able to ping the 2.x hosts.
I wanted to solve that problem with interface-forwarding. When host1.1 logs in he gets ipsec0, when host1.2 logs in he gets ipsec1, BUT there is only one interface for both connections, and neither host1.1 nor host1.2 is getting an IP from the VPN server. There are only the entries in the routing table. But what if the subnets of host1.1 and host1.2 have the same net address? There will be address conflicts in the routing table.... That's because I wanted to solve that problem via interface-forwarding, BUT as already mentioned IPsec with Openswan does not build extra interfaces for each connection.
Has anybody who understood what I want (sorry for my bad English.. :) an idea how to reach the assembly above?
 
thanx for ya help,
with best regards from germany bavaria (OKTOBERFEST),

joe
 
Technical center:

MB connect line Fernwartungssysteme GmbH
Winnettener Str. 5
D-91550 Dinkelsbühl
Tel.: 0049 9851 582529 84
Fax: 0049 9851 582529 99

Head office:

MB connect line
Fernwartungssysteme GmbH
Raiffeisenstrasse 4
D-74360 Ilsfeld
Phone: 0049 7062 9178788
Fax: 0049 7062 9178792

Registered office: D-74360 Ilsfeld
VAT ID number: DE185259018
Register court: Stuttgart Germany HRB106261
Managing directors: Werner Belle, Siegfried Müller
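
Added example (not part of the original thread and not Openswan code): a small Python check that parses the `conn` sections of an ipsec.conf-style file and reports any two whose rightsubnet ranges overlap. That is the routing-table conflict raised in the question, which the unique /32 subnets in the reply avoid. The function names and the 203.0.113.x and 192.168.1.0/24 addresses are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the reply's two server-side conns, with documentation
# addresses (203.0.113.x) standing in for the public IP placeholders.
SERVER_CONF = """
conn host1.1
    left=203.0.113.1
    leftsubnet=1.1.1.2/32
    right=203.0.113.11
    rightsubnet=1.1.1.1/32
conn host1.2
    left=203.0.113.1
    leftsubnet=1.1.1.1/32
    right=203.0.113.12
    rightsubnet=1.1.1.2/32
"""

# Constructed sample of the case the question worries about: both remote
# hosts sit behind the same network address.
CONFLICT_CONF = (SERVER_CONF
                 .replace("rightsubnet=1.1.1.1/32", "rightsubnet=192.168.1.0/24")
                 .replace("rightsubnet=1.1.1.2/32", "rightsubnet=192.168.1.0/24"))

def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None                    # 'config setup' is not a conn
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def rightsubnet_conflicts(conns):
    """Return sorted (conn_a, conn_b) pairs whose rightsubnet ranges overlap."""
    nets = {name: ipaddress.ip_network(opts["rightsubnet"], strict=False)
            for name, opts in conns.items() if "rightsubnet" in opts}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))
```
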
 