[Openswan Users] IPsec on multi-gateway machine
Patrick Naubert
patrickn at xelerance.com
Thu Jun 20 11:19:38 UTC 2013
Rescued from the Spam bucket. Please make sure to subscribe to the mailing list before posting to it.
From: 林聖艦 <mlsaint1214 at gmail.com>
Subject: IPsec on multi-gateway machine
Date: 19 June, 2013 10:47:36 PM EDT
To: users at lists.openswan.org
I have a multi-gateway machine.
eth0 192.168.1.10 <--> router A (192.168.1.1/24) <--> PPPoE(public ip a.a.a.a)
eth1 172.16.1.10 <--> router B (172.16.1.1/24) <--> PPPoE(public ip b.b.b.b)
eth2 <--> PPPoE(public ip c.c.c.c/ppp0)
Currently, if I specify left=192.168.1.10, 172.16.1.10 or c.c.c.c/%ppp0,
every client from the related public IP can connect to the server well.
Here is my question:
How can I modify my ipsec.conf to handle all clients from the different interfaces?
I can see from netstat that pluto is listening on all interfaces.
But I cannot figure it out.
My ipsec.conf:
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.16.1.10
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    forceencaps=yes
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear

Thanks for your help,
Kenneth