[Openswan Users] Tunnels over dual DSL connections

Paul Wouters paul at xelerance.com
Sat Oct 23 22:08:10 EDT 2010

On Fri, 22 Oct 2010, Don Applick wrote:

> I have a router with two DSL connections (and an eth0 of course): 
> ppp0: IP =, gateway =
> ppp1: IP =, gateway =
> Currently I use Openswan for a  VPN  via ppp0 to remote site A @ x.x.x.x

> leftsubnet=192.168.0/24

That's not a valid CIDR btw.

> rightsubnet=

> I now want to add a second tunnel to site B @ y.y.y.y and establish it via ppp1 but I cannot figure out how to achieve
> this. I've tried with rightnexthop= and/or doing a "route add -host y.y.y.y dev ppp1" but to no avail.
> Is this possible to do and if so how?

You cannot have two tunnels for those two subnets, as openswan will then not know
where to send the traffic through. Should a packet for go via ppp0 or ppp1?
And who is keeping track for load balancing this?

A better method here would be if your ISP supported MPPE so then you bond the two ppp
lines into one logical link and run IPsec on that.

Alternatively, run two host-host tunnels and then run GRE over those. On how to do that,
see http://www.xelerance.com/talks/ha/


More information about the Users mailing list