[Openswan Users] Multiple servers with multiple tunnels each

Patrick Naubert patrickn at xelerance.com
Tue Jun 24 07:03:48 EDT 2014


Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: David Brezynski <brezy at u.washington.edu>
Subject: Multiple servers with multiple tunnels each
Date: June 23, 2014 at 3:01:50 PM EDT
To: users at lists.openswan.org


Hi List

I'm working on an IPSEC solution for a number of servers (let's say 4) where I need to encrypt traffic between each server (so each server needs a tunnel to the other 3) for a distributed application.  Traffic should not be encrypted between these servers and any others on the network.  All IPs are static.

I'm assuming my only option is to set up individual tunnels in a one to many relationship for each of the servers (see configuration below).  

Question - is this the correct approach?  Is there a more concise configuration I can use so I can reuse the configuration files unchanged on all the servers involved?  Anything I'm missing?

In the initial setup I'm using pre-shared keys and my config files (connection definitions and secrets file) are:


============ /etc/ipsec.d/test.con
conn host1-to-host2
  left=host1
  right=host2
  auto=start
  authby=secret

conn host1-to-host3
  left=host1
  right=host3
  auto=start
  authby=secret

conn host1-to-host4
  left=host1
  right=host4
  auto=start
  authby=secret

======================


============ /etc/ipsec.d/ipsec.secrets 
host1 host2 : PSK "key in quotations"
host1 host3  : PSK "key in quotations"
host1 host4  : PSK "key in quotations"
========================

Thanks
David
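
An added example, not part of the original post and not Openswan project code: a small generator that emits, for each server, the conn stanzas and secrets lines in the format shown above for a full mesh, with a distinct PSK per pair and each host receiving only the keys for its own tunnels. The function name build_mesh and its psk_for parameter are hypothetical; the host names are the ones used in the post.

```python
import itertools
import secrets


def build_mesh(hosts, psk_for=None):
    """Return {host: (conn_text, secrets_text)} for a full mesh of `hosts`.

    psk_for(a, b) supplies the key for a pair; by default a random one is drawn.
    """
    psk_for = psk_for or (lambda a, b: secrets.token_urlsafe(32))
    per_host = {h: ([], []) for h in hosts}
    # One tunnel per unordered pair: n*(n-1)/2 tunnels in total.
    for a, b in itertools.combinations(sorted(hosts), 2):
        psk = psk_for(a, b)  # distinct key per pair, never shared mesh-wide
        # left/right are arbitrary labels in ipsec.conf: each end works out
        # which side it is, so the identical stanza goes on both hosts.
        conn = (f"conn {a}-to-{b}\n  left={a}\n  right={b}\n"
                "  auto=start\n  authby=secret\n")
        secret = f'{a} {b} : PSK "{psk}"\n'
        for h in (a, b):
            per_host[h][0].append(conn)
            per_host[h][1].append(secret)
    return {h: ("\n".join(c), "".join(s)) for h, (c, s) in per_host.items()}


if __name__ == "__main__":
    # Constructed input: the four placeholder host names from the post.
    mesh = build_mesh(["host1", "host2", "host3", "host4"])
    for host, (conf, secret_lines) in mesh.items():
        print(f"##### files for {host} #####")
        print(conf)
        print(secret_lines)
```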


