[Openswan Users] Hub-and-Spoke routing

Neal Murphy neal.p.murphy at alum.wpi.edu
Mon Feb 25 17:05:16 EST 2013

On Monday, February 25, 2013 07:45:08 AM Mike C wrote:
> Any ideas as to what is wrong, or if I'm barking up the wrong tree? If
> I'm on the wrong track, can you advise on possible alternatives that I
> could look into?

Sinec you mention NAT, I assume A, B and C are firewalls.

As an illustration, if you have only one subnet each at sites A and C, you can 
set up A and C with B's subnet as (you may need and before a certain openswan release). This will force all non-local 
traffic through the VPNs; hub B will route traffic for A and C through their 
respective tunnels and send all other traffic to the internet.

Contrast that with setting up A-B with B's subnet including C's, and setting 
up C-B with B's subnet including A's. Now only private traffic is routed 
through the VPNs and all internet traffic goes through the nearest gateway.

As I said, it should illustrate the effect subnets have on IPSEC, even if it 
doesn't exactly apply to your situation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130225/bbdfe751/attachment.html>

More information about the Users mailing list