[Openswan Users] Multiple RoadWarrior
Paul Wouters
paul at xelerance.com
Mon Apr 26 19:25:14 EDT 2010
On Mon, 26 Apr 2010, Kail wrote:
>> Where does 10.0.0.1/32 come from? It should not be needed. Unless
>> you specifically want 1 internal IP to be reachable.
>
> True. Roadwarriors only need to reach the GW at the moment.
>
>>> leftsourceip=10.0.0.1
>>
>>> right=%any
>>> auto=add
>>>
>>> conn roadwarrior1
>>> rightsubnet=10.1.1.0/24
>>> also=roadwarrior-base
>>>
>>> conn roadwarrior2
>>> rightsubnet=10.1.2.0/24
>>> also=roadwarrior-base
>>
>> So you are building two tunnels? from 10.0.0.1/32 to 10.1.1.0/24 and
>> 10.1.2.0/24.
>> Oh I see. Each roadwarrior has its own subnet? Then you most likely will
>> need to specify a rightid=@roadwarriorX in conn roadwarriorX and
>> leftid=@server in roadwarrior-base
>
> I need all roadwarriors to be connected at the same time and the GW to
> reach each one of them.
Sure.
> Is there a way to achieve this without splitting the subnets? How does
> the GW choose which tunnel to use if I don't use different subnets?

conn roadwarrior1
	rightid=@cust1
	also=roadwarrior-base

conn roadwarrior2
	rightid=@cust2
	also=roadwarrior-base

etc.

The leftid/rightid can be used to pinpoint one tunnel to one remote identity.
Paul
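
Added example, not part of the original message and not Openswan code: a small lint that checks the point made above, that each right=%any conn should carry its own rightid so one tunnel maps to one remote identity. The parser is simplified, follows only one level of also=, and treats a conn named in also= as a template; the sample config is constructed.

```python
import re

# Constructed sample in the style of the thread (not a complete ipsec.conf).
SAMPLE = """\
conn roadwarrior-base
    leftid=@server
    right=%any
    auto=add
conn roadwarrior1
    rightid=@cust1
    also=roadwarrior-base
conn roadwarrior2
    rightid=@cust1
    also=roadwarrior-base
conn roadwarrior3
    also=roadwarrior-base
"""

def parse_conns(text):
    # Simplified parser: 'conn' sections with key=value lines, '#' comments.
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(conn|config)\s+(\S+)$", line)
        if m:  # a 'config' section (config setup) is ignored
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(text):
    # Flag right=%any conns whose rightid is missing or shared with another conn.
    conns = parse_conns(text)
    # Assumption: a conn named in also= is only a template and is skipped.
    templates = {c["also"] for c in conns.values() if "also" in c}
    by_id, findings = {}, []
    for name, own in conns.items():
        # Assumption: one level of also=; the conn's own settings win.
        eff = {**conns.get(own.get("also"), {}), **own}
        if name in templates or eff.get("right") != "%any":
            continue
        if "rightid" not in eff:
            findings.append(f"{name}: right=%any without rightid")
        by_id.setdefault(eff.get("rightid"), []).append(name)
    for rid, names in by_id.items():
        if rid and len(names) > 1:
            findings.append(f"{', '.join(names)}: share rightid {rid}")
    return findings
```

Calling lint(SAMPLE) reports roadwarrior3 as lacking a rightid and roadwarrior1 and roadwarrior2 as sharing @cust1.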