[Openswan Users] Multiple RoadWarrior
kaildio at gmail.com
Sun Apr 25 16:21:19 EDT 2010
I'd like to ask for advice regarding the use of ipsec and openswan in
somehow a strange situation; please excuse me if this isn't the right
I've an ipsec gateway server (let's call it 'gw') with openswan
installed; it has a single interface (eth0) connected with a public
Then, I've hundreds of RoadWarrior systems (called 'rw') composed
of 2 pieces:
- a gw with one interface connected to the internet (ppp0) with a dynamic
ip and one internal interface (eth0)
- another pc ('peer'), the one I want to reach, connected on the same
net as the internal interface of the local gw
The RoadWarriors don't run openswan, they're embedded devices. Only
PSK auth is supported.
I have the following constraints:
- all RoadWarriors' tunnels can be active at the same time
- RoadWarriors can't reach other RWs via ipsec tunnels even if someone
changes their configuration (assume they are not in a safe place)
- "Peer" can reach the GW using the tunnel (GW has a tunneled ipaddr)
- GW can reach all RoadWarriors' 'peer' whose gw has the tunnel up,
at the same time
I can't use Opportunistic.
Is this technically possible? Which are the "trickiest" parts?
Can you please point me toward the right openswan settings?
Here is my guess, to be tested since roadwarriors are not ready yet.
Thanks for your time reading this.