[Openswan Users] Multi site from scratch config

Gary Smith gary.smith at holdstead.com
Mon May 20 23:07:45 UTC 2013


I'm writing this because I've run into a few roadblocks and had issues with some of the configurations.  Sometimes what I have in place works for some nodes, other times it does not work at all.  All of my machines are virtualized (to include the VPN routers) and I'm looking to start from scratch.

So I'm looking for some advice, pointers, full config files (minus the keys of course) to set up the following:

I have 5 locations and they are:

A. Primary colo, ipv4, ipv6
B. Backup virtual instance, ipv4, ipv6
C. Office, DHCP ipv4, ipv6 over tunnel broker
D. Home Office, DHCP ipv4, ipv6 over tunnel broker
E. Home Office, DHCP ipv4, ipv6 over tunnel broker

I haven't had much issue with configuring the tunnel from A <-> B but I have intermittent issues randomly from C, D, or E to A or B.  At location A I have servers in the DMZ which use a public /24 as well as a private subnet.  I have yet to get a configuration that will allow me to securely access those machines in the DMZ from B, C, D, or E, so I assign a private subnet to the DMZ boxes, which I want to get away from.

Given that, what's the best approach for generating a brand new secure openswan network?

I would also like to incorporate IPv6 into the mix.  All of the servers but 1 are running CentOS, but that can be replaced in about 20 minutes if necessary, so assume that I would be running the 6.4 repo modules.

Thoughts, ideas, config files?
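As an added example, not from this thread or from the Openswan project, here is the shape of a hub-side ipsec.conf for site A that covers the three cases the question describes: a static hub-to-hub peer (B), dynamically addressed spokes (C, D, E) that must initiate, and a separate IPv6 connection. It assumes the openswan 2.6 series on CentOS 6; every address, subnet, host ID, and key string below is a constructed placeholder (203.0.113.0/24 stands in for the public DMZ /24), and a second conn with leftsubnet= set to the private LAN would be added the same way.

```ini
# Added example (not from the thread): hub-side openswan 2.6 ipsec.conf for site A.
# All addresses, subnets, IDs and keys are constructed placeholders.
config setup
    protostack=netkey
    interfaces=%defaultroute
    nat_traversal=yes
    # Private ranges a NAT'd spoke may sit behind, minus the hub's own private LAN
    # so that a spoke can never claim the hub's subnet as its own.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24
    oe=off

# Settings shared by every conn: strong IKE/ESP proposals, PFS, RSA keys (never
# a shared PSK for a multi-site mesh), and dead-peer detection so a spoke whose
# DHCP lease changed is torn down and re-established instead of hanging.
conn %default
    keyexchange=ike
    authby=rsasig
    ike=aes256-sha1;modp2048
    phase2alg=aes256-sha1;modp2048
    pfs=yes
    keyingtries=%forever
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    # The hub's side is identical for every IPv4 conn, so it lives here.
    left=203.0.113.1            # A's public address (placeholder)
    leftid=@siteA
    leftsubnet=203.0.113.0/24   # A's public DMZ /24; no private overlay needed
    leftrsasigkey=0sAQ...A      # output of 'ipsec showhostkey --left' on A

# B has a fixed address, so either end may initiate: auto=start on both.
conn a-b-v4
    right=198.51.100.20         # B's public address (placeholder)
    rightid=@siteB
    rightsubnet=192.168.20.0/24
    rightrsasigkey=0sAQ...B
    auto=start

# C/D/E get their IPv4 address from DHCP, so the hub cannot dial them:
# right=%any plus auto=add means A only answers, and the spoke initiates.
# The peer is recognised by its ID and RSA key, never by its source address,
# and each spoke needs its own non-overlapping rightsubnet.
conn a-office-v4
    right=%any
    rightid=@office
    rightsubnet=192.168.30.0/24
    rightrsasigkey=0sAQ...C
    auto=add

conn a-home1-v4
    right=%any
    rightid=@home1
    rightsubnet=192.168.40.0/24
    rightrsasigkey=0sAQ...D
    auto=add

# IPv6 is a separate conn: openswan needs connaddrfamily=ipv6, and the
# left/right values in %default are IPv4, so they are overridden here.
# Assumption: the spoke's tunnel-broker endpoint is stable even though its
# IPv4 address is not, so it can be named explicitly.
conn a-b-v6
    connaddrfamily=ipv6
    left=2001:db8:a::1
    leftid=@siteA
    leftsubnet=2001:db8:a::/48
    leftrsasigkey=0sAQ...A
    right=2001:db8:b::1
    rightid=@siteB
    rightsubnet=2001:db8:b::/48
    rightrsasigkey=0sAQ...B
    auto=start
```

On a spoke the mirror-image conn uses left=%defaultroute, leftid=@office, leftsubnet= for its own LAN, right= set to A's fixed address, and auto=start so it brings the tunnel up and DPD restarts it when the DHCP address changes. Two checks worth running after any rewrite: `ipsec verify` to confirm the netkey stack, rp_filter and forwarding settings on the CentOS host, and `ipsec auto --status` to confirm that each conn was loaded with the subnets you expect, since overlapping leftsubnet/rightsubnet pairs are the usual cause of "works for some nodes, not others".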
