[Openswan Users] assistance with atypical configuration
Roel van Meer
rolek at bokxing.nl
Wed Nov 10 02:13:39 EST 2010
Neal Murphy writes:
> On Tuesday 09 November 2010 12:30:08 Frank Temple wrote:
>> I am investigating how to configure the network detailed below. I am aware
>> that some manual scripting may be required. All of the hosts are using
>> There are four hosts. The tunnels are detailed with the lines above. The
>> objective is to permit A to communicate with D through B or C. A needs to
>> route to D in the morning via B and in the afternoon via C. This is the
>> part where I assume some manual scripting may be required. I can do that
>> part, I just need to learn what needs to be done. The private IP for D
>> should be the same for A independent of the tunnel (B,C) selected.
> Every *routed* LAN must have a unique address.
> Using two routes equally involves 'policy routing'. Take a gander at
> lartc.org; in Linux at least, you can configure both A and D to balance the
> traffic between each other using both B and C.
> If you really have to have overlapping (or concurrent) subnets at A and D, you
> will have to find a way to bridge the two LANs across the IPSEC tunnels. My
> simple mind says, "Lift layer 2 into a point-to-point tunnel between A and D."
I agree. I also thought up a rather complex scenario involving lots of
NATting, but that wouldn't meet the requirement that a change of tunnels
would not cause any data loss.
If you could drop the requirement that A and D need to be reachable by the
same IP address depending on the tunnel selected, things get easier very
quickly. I'm wondering, would it be acceptable to give D two IP addresses
and use NAT to ensure traffic arriving at D always has the same destination
address? I can understand that you'd like A to always be able to talk to the
same IP address of D, but does it need to be that way physically as well?
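As an added illustration of the "route via B in the morning, via C in the afternoon" part of the question (example script, not code from anyone in this thread): on host A the path to D is selected by which Openswan connection is up, so a cron job at 00:00 and 12:00 can take one connection down and bring the other up. The connection names "a-via-b" and "a-via-c" are assumed placeholders; the script prints the commands unless DRY_RUN=0. As Roel notes above, a switch like this is not loss-free for traffic in flight.

```shell
#!/bin/sh
# Added example, not from the thread. Switches host A's path to D between two
# assumed Openswan connections by time of day: "a-via-b" before noon,
# "a-via-c" from noon on. Connection names are placeholders.
CONN_B="a-via-b"
CONN_C="a-via-c"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# choose_conn HOUR -> prints the connection that should carry A<->D traffic
choose_conn() {
    if [ "$1" -lt 12 ]; then
        printf '%s\n' "$CONN_B"
    else
        printf '%s\n' "$CONN_C"
    fi
}

# other_conn CONN -> prints the connection that must be taken down first
other_conn() {
    if [ "$1" = "$CONN_B" ]; then
        printf '%s\n' "$CONN_C"
    else
        printf '%s\n' "$CONN_B"
    fi
}

# switch_commands HOUR -> prints the two ipsec(8) commands for the switch.
# The old connection is taken down before the new one comes up so that the
# two tunnels never claim D's subnet at the same time.
switch_commands() {
    new=$(choose_conn "$1")
    old=$(other_conn "$new")
    printf 'ipsec auto --down %s\n' "$old"
    printf 'ipsec auto --up %s\n' "$new"
}

# run_switch HOUR -> prints (dry run) or executes the switch commands
run_switch() {
    switch_commands "$1" | while read -r cmd; do
        if [ "$DRY_RUN" = "1" ]; then
            printf 'dry-run: %s\n' "$cmd"
        else
            $cmd
        fi
    done
}

# Intended to be run from cron at 00:00 and 12:00; uses the current hour.
run_switch "$(date +%H)"
```

Running it at 09:00 prints "dry-run: ipsec auto --down a-via-c" followed by "dry-run: ipsec auto --up a-via-b"; with DRY_RUN=0 the same two commands are executed.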