[Openswan Users] Multiple tunnels with 3G stations with Cisco RV180
Patrick Naubert
patrickn at xelerance.com
Wed Aug 20 13:27:18 EDT 2014
Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Diego Rodrigues Ferreira <katesclau at gmail.com>
Subject: Multiple tunnels with 3G stations with Cisco RV180
Date: August 20, 2014 at 1:04:53 PM GMT-4
To: users at lists.openswan.org
Hello guys,
First post here, so please, be patient with me.
What I'm trying to accomplish is to connect different 3G or non-static IP stations to an OpenSWAN VPN Server. On sites, I have a Cisco RV180.
Objectives:
Connect multiple dynamic IP routers to the VPN;
Routes between dynamic site - server and dynamic site - other dynamic site;
Issues:
So far, I could only connect 1 tunnel at a time, and other sites try to connect to the same conn as the first.
Connections do not establish due to lack of identification - "We cannot identify ourselves with either end of this connection";
Tried to use leftid and rightid - no go, and I cannot assert IP addresses to remote sites =´[;
Any ideas on how I can accomplish this?
So this is my setup:
Server config:
Linux Openswan U2.6.37/K3.2.0-54-virtual (netkey) on an Ubuntu 12.04 Server x86_64
/etc/ipsec.conf
version 2.0

# basic configuration
config setup
    dumpdir=/var/run/pluto/
    interfaces=%defaultroute
    nat_traversal=yes
    oe=off
    protostack=netkey
    plutostderrlog=/var/log/pluto.log

conn SITE1
    right=%any
    rightsubnet=192.168.0.0/16
    rightnexthop=%defaultroute
    rightsourceip=192.168.4.1
    also=main-tunnel-config

conn SITE2
    right=%any
    rightsubnet=192.168.0.0/16
    rightnexthop=%defaultroute
    rightsourceip=192.168.5.1
    also=main-tunnel-config

conn SITE3
    right=%any
    rightsubnet=192.168.0.0/16
    rightnexthop=%defaultroute
    rightsourceip=192.168.6.1
    also=main-tunnel-config

conn main-tunnel-config
    authby=secret
    pfs=yes
    keyingtries=1
    type=tunnel
    ike=aes256-sha1;modp1536
    phase2=esp
    phase2alg=aes-sha1;modp1536
    lifetime=86400s
    aggrmode=no
    #Left security gateway, subnet behind it, nexthop toward right.
    left=<SERVER-IP>
    leftsubnet=192.168.200.0/24
    leftnexthop=%defaultroute
    leftsourceip=192.168.200.1
    auto=start
/etc/ipsec.secrets
<SERVER-IP> %any : PSK "password"
some of my refs so far:
https://lists.openswan.org/pipermail/users/2010-February/018281.html
https://lists.openswan.org/pipermail/users/2006-October/010822.html
http://osdir.com/ml/network.openswan.user/2005-04/msg00210.html
Thanks in advance! Cheers
Eng° Diego Rodrigues Ferreira,
MCA Sistemas
diegoferreira at mcasistemas.com.br
Skype: diegoferreira.eel
+55 48 30281504
+55 48 96734424