[Openswan Users] Route-based VPN

Paul Wouters paul at xelerance.com
Mon Oct 25 14:21:58 EDT 2010

On Mon, 25 Oct 2010, Vincent Bernat wrote:

> The /custom/script just puts some route to ipsec0 interface for networks
> that should be encrypted.
> Now, I would like to have a second VPN with the same instance of OpenSWAN.
> Therefore, I would need an ipsec1 interface.

No you don't need a second interface.

> Can I bind it to a labelled interface (like eth0:1)?

You could (if using ifconfig, not by adding the ip using ip addr)

> I would like to use routes like this:
> ip route add net1 dev ipsec0
> ip route add net2 dev ipsec0
> ip route add net3 dev ipsec1
> ip route add net4 dev ipsec1

I don't understand why. For klips it does not matter via which interface it got
the packet, and it does not record/keep that information around for anything.


More information about the Users mailing list