[Openswan Users] Multiple RoadWarrior

Paul Wouters paul at xelerance.com
Mon Apr 26 19:25:14 EDT 2010


On Mon, 26 Apr 2010, Kail wrote:

>> Where does 10.0.0.1/32 come from? It should not be needed. Unless
>> you specifically want 1 internal IP to be reachable.
>
> True. Roadwarriors only need to reach the GW at the moment.
>
>>>       leftsourceip=10.0.0.1
>>
>>>       right=%any
>>>       auto=add
>>>
>>> conn roadwarrior1
>>>       rightsubnet=10.1.1.0/24
>>>       also=roadwarrior-base
>>>
>>> conn roadwarrior2
>>>       rightsubnet=10.1.2.0/24
>>>       also=roadwarrior-base
>>
>> So you are building two tunnels? from 10.0.0.1/32 to 10.1.1.0/24 and
>> 10.1.2.0/24.
>> Oh I see. Each roadwarrior has its own subnet? Then you most likely will need
>> to specify a rightid=@roadwarriorX in conn roadwarriorX and leftid=@server in
>> roadwarrior-base
>
> I need all roadwarriors to be connected at the same time and the GW to
> reach each one of them.

Sure.

> Is there a way to achieve this without splitting the subnets? How does
> the GW choose which tunnel to use if I don't use different subnets?


conn roadwarrior1
      rightid=@cust1
      also=roadwarrior-base

conn roadwarrior2
      rightid=@cust2
      also=roadwarrior-base

etc.

The leftid/rightid can be used to pinpoint one tunnel to one remote identity.

Paul
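
An added example, not part of the original message or of Openswan: a small Python check that every right=%any conn in an ipsec.conf-style file ends up with its own rightid once also= is resolved, which is the layout the reply above describes. The parser is a simplified assumption (one also= per conn, no include files), the function names are hypothetical, and the sample config is constructed from the names in the thread.

```python
# Constructed sample: conn names and ids from the thread, not a real deployment.
SAMPLE = """\
conn roadwarrior-base
    leftid=@server
    right=%any
    auto=add
conn roadwarrior1
    rightid=@cust1
    also=roadwarrior-base
conn roadwarrior2
    rightid=@cust2
    also=roadwarrior-base
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text (simplified)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) == 2 else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge options inherited through also=; the conn's own keys win."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    base = own.pop("also", None)
    merged = resolve(conns, base, seen + (name,)) if base else {}
    merged.update(own)
    return merged

def ambiguous_roadwarriors(text):
    """Names of right=%any conns that have no rightid or share one with another conn."""
    conns = parse_conns(text)
    bases = {c["also"] for c in conns.values() if "also" in c}
    by_id = {}
    for name in conns.keys() - bases:  # assumption: also= targets are templates only
        opts = resolve(conns, name)
        if opts.get("right") == "%any":
            by_id.setdefault(opts.get("rightid"), []).append(name)
    return sorted(n for rid, names in by_id.items() if rid is None or len(names) > 1 for n in names)
```

An empty list from ambiguous_roadwarriors() means each roadwarrior conn is tied to a distinct remote identity; any names returned are the conns to fix.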

