[Openswan Users] Route-based VPN
Vincent Bernat
bernat at luffy.cx
Mon Oct 25 10:41:16 EDT 2010
Hello!
I would like to use OpenSWAN to get a VPN with several ISG 2000
appliances. Each of them is using a route-based VPN. This means that each
VPN has a virtual interface tunnel.X and we use routes to explain what
should be encrypted in what VPN. In this case, left and right subnets are
advertised as 0.0.0.0/0.
Here is a working OpenSWAN setup:
conn XXXX
    auto=start
    right=193.XXXXXXXXX
    authby=secret
    left=81.XXXXXXX
    leftsubnet=0.0.0.0/0
    leftnexthop=%defaultroute
    rightsubnet=0.0.0.0/0
    rightnexthop=%defaultroute
    leftupdown=/custom/script
The /custom/script just puts some routes on the ipsec0 interface for networks
that should be encrypted.
Now, I would like to have a second VPN with the same instance of OpenSWAN.
Therefore, I would need an ipsec1 interface. It seems that I can only bind
an ipsecX interface to a physical interface. Can I bind it to the same
physical interface as ipsec0? Can I bind it to a labelled interface (like
eth0:1)?
I would like to use routes like this:
    ip route add net1 dev ipsec0
    ip route add net2 dev ipsec0
    ip route add net3 dev ipsec1
    ip route add net4 dev ipsec1
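
An added example, not part of the original post: one way a leftupdown script could install per-connection routes like the ones above, using the PLUTO_VERB, PLUTO_CONNECTION and PLUTO_INTERFACE variables that pluto exports to updown scripts. The connection names (isg-a, isg-b) and networks are constructed placeholders, and the script uses whichever device pluto passes in; it does not settle how ipsec1 gets bound.

```shell
#!/bin/sh
# Hypothetical updown helper for a route-based setup (added example).
# Connection names and networks below are constructed placeholders.

# Map a connection name to the networks that must go through its tunnel.
routes_for_conn() {
    case "$1" in
        isg-a) echo "192.0.2.0/24 198.51.100.0/24" ;;
        isg-b) echo "203.0.113.0/24" ;;
        *)     return 1 ;;   # unknown connection: install nothing
    esac
}

# Print the ip(8) commands for one pluto event, one per line.
# Returns 1 for an unknown connection or an unexpected device name.
plan_routes() {
    verb=$1; conn=$2; dev=$3
    case "$verb" in
        up-host|up-client)     action=add ;;
        down-host|down-client) action=del ;;
        *) return 0 ;;       # prepare-*, route-*, unroute-*: nothing to do
    esac
    nets=$(routes_for_conn "$conn") || return 1
    # Accept only names of the form ipsecN, so a stray value never
    # ends up in a route command.
    case "$dev" in
        ipsec|ipsec*[!0-9]*) return 1 ;;
        ipsec[0-9]*) ;;
        *) return 1 ;;
    esac
    for net in $nets; do
        echo "ip route $action $net dev $dev"
    done
}

# pluto sets PLUTO_VERB when it calls the script. DRY_RUN=1 only prints.
if [ -n "${PLUTO_VERB:-}" ]; then
    plan_routes "$PLUTO_VERB" "$PLUTO_CONNECTION" "$PLUTO_INTERFACE" |
    while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
fi
```

Setting leftupdown replaces the default updown script, so a custom script like this one is the only thing installing routes for that connection.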