[Openswan Users] multiple tunnels road-warriors/net-to-net and l2tp/non-l2tp
Paul Wouters
paul at xelerance.com
Sun Mar 15 22:28:12 EDT 2009
On Sun, 15 Mar 2009, Bob Miller wrote:
> In both cases, I believe it should be possible to build a second tunnel
> that does not require the l2tp portion of the setup, so as to allow
> another firewall or road warrior to connect without using l2tp.
> Unfortunately, it doesn't seem to work for me.
It should work.
> I suspect, but cannot find proof, that one source of the problem lies in
> the right=%any clause. In the case of where I was trying to build a
> net-to-net tunnel beside the road warrior tunnel, openswan will only use
> the road warrior tunnel.
Note that openswan picks a name for the phase1 part, which might change
upon getting further into the negotiation. So it can "switch" the
connection to the right one.
If this is a linux-linux tunnel, the easy solution is to use raw RSA
with leftid=@somestring and rightid=@otherstring. That should nail the connection
down properly in phase 1 to only that one tunnel connection.
Paul
More information about the Users
mailing list