[Openswan Users] Route-based VPN
bernat at luffy.cx
Mon Oct 25 16:20:40 EDT 2010
OoO During the television news on Monday, October 25, 2010, around 20:21,
Paul Wouters <paul at xelerance.com> said:
>> Now, I would like to have a second VPN with the same instance of OpenSWAN.
>> Therefore, I would need an ipsec1 interface.
> No you don't need a second interface.
>> Can I bind it to a labelled interface (like eth0:1)?
> You could (if using ifconfig, not by adding the ip using ip addr)
>> I would like to use routes like this:
>> ip route add net1 dev ipsec0
>> ip route add net2 dev ipsec0
>> ip route add net3 dev ipsec1
>> ip route add net4 dev ipsec1
> I don't understand why. For klips it does not matter via which interface it got
> the packet, and it does not record/keep that information around for
For both VPNs, the rightsubnet is set to 0.0.0.0/0 (essentially because
this is the only subnet that the remote ISG will accept in this mode).
This means that for one packet, I have two possible VPNs to use for
encryption. I would like to select the correct VPN using routes. If the
packet is routed to ipsec0, then I would like to use the first VPN; if
it is routed to ipsec1, then I would like to use the second VPN.
If KLIPS ignores the incoming interface, I suppose it is not possible
to work like this.
panic("CPU too expensive - making holiday in the ANDES!");