[Openswan Users] Route based VPN

Andrew Nowrot andrew.nowrot at gmail.com
Tue Feb 15 05:14:27 EST 2011


Hi

I am quite new to all IPsec related topics and I need help with one
configuration.

I need to set up two IPsec tunnels to one provider. In the
requirements they said that it has to work in route-based mode, where
local-proxy id and remote-proxy id should be unset (both parameters
should have 0.0.0.0/0).

Here is my configuration:

conn tunnel1
    left=XXX.XXX.XXX.XXX
    leftid=%myid
    leftnexthop=XXX.XXX.XXX.XXX
    leftsubnet=XXX.XXX.XXX.XXX/30
    leftrsasigkey=%cert
    leftcert=cert.cer
    leftsendcert=always
    right=XXX.XXX.XXX.XXX
    rightid=@XXX.XXX.XXX.XXX
    rightsubnet=XXX.XXX.XXX.XXX/30
    authby=rsasig
    ike=aes256-sha1-modp1024
    ikev2=no
    ikelifetime=86400s
    keyexchange=ike
    keylife=3600s
    phase2=esp
    phase2alg=aes256-sha1-96
    pfs=no
    auto=start

conn tunnel2 is the same; only the IP addresses are changed.

I tried to do this as I normally do, but then they told me that I am
using a policy-based VPN and the proxy-id on their Juniper NetScreen does
not match.

How can I do this with Openswan? I am using Openswan-2.6.31 with
KLIPS. Is it possible to configure Openswan to work in route-based
mode? If so, how can I do this?

Best regards
Andrew Nowrot

