[Openswan Users] Multiple servers with multiple tunnels each
Neal Murphy
neal.p.murphy at alum.wpi.edu
Tue Jun 24 12:03:46 EDT 2014
What you described should work, with a couple caveats:
- Your config is missing host2-host3, host2-host4, and host3-host4
- Be sure that each of the four sites uses unique LAN addressing. That is,
you cannot (easily) use 10.10.10.0/24 at two sites.
You should be able to copy a single set of files (config, secrets, etc.) to
each site.
> From: David Brezynski <brezy at u.washington.edu>
> Subject: Multiple servers with multiple tunnels each
> Date: June 23, 2014 at 3:01:50 PM EDT
> To: users at lists.openswan.org
>
>
> Hi List
>
> I'm working on an IPSEC solution for a number of servers (let's say 4) where
> I need to encrypt traffic between each server (so each server needs a
> tunnel to the other 3) for a distributed application. Traffic should not
> be encrypted between these servers and any others on the network. All IPs
> are static.
>
> I'm assuming my only option is to set up individual tunnels in a one to
> many relationship for each of the servers (see configuration below).
>
> Question - is this the correct approach? Is there more concise
> configuration I can use so I can reuse the configuration files unchanged
> on all the servers involved? Anything I'm missing?
>
> In the initial setup I'm using pre-shared keys and my config files
> (connection definitions and secrets file) are:
>
>
> ============ /etc/ipsec.d/test.con
> conn host1-to-host2
>         left=host1
>         right=host2
>         auto=start
>         authby=secret
>
> conn host1-to-host3
>         left=host1
>         right=host3
>         auto=start
>         authby=secret
>
> conn host1-to-host4
>         left=host1
>         right=host4
>         auto=start
>         authby=secret
>
> ======================
>
>
> ============ /etc/ipsec.d/ipsec.secrets
> host1 host2 : PSK "key in quotations"
> host1 host3 : PSK "key in quotations"
> host1 host4 : PSK "key in quotations"
> ========================
>
> Thanks
> David
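Added example (not from either poster): a small generator that writes the full-mesh ipsec.conf and ipsec.secrets the reply asks for, so that one identical pair of files can be copied to every site. For n hosts it emits n*(n-1)/2 conn sections, one per unordered pair, with a separate random PSK per pair so that one leaked key only exposes that pair's traffic; parameter lines are tab-indented under each conn line as the ipsec.conf grammar requires. Because Openswan decides which of left/right is the local side by matching its own addresses, the same conn section works on both ends of a tunnel. The host names and RFC 5737 addresses are constructed for the example, and the optional `local` filter is there for deployments that prefer each host to load only the tunnels it terminates, since pluto refuses to add a conn in which it can identify neither end as itself.

```python
"""Generate a full-mesh Openswan ipsec.conf / ipsec.secrets for N hosts.

Constructed example: the host names and 192.0.2.x (RFC 5737 documentation
range) addresses stand in for the real static addresses.
"""
import secrets
from itertools import combinations

# Constructed sample inventory: four hosts with static addresses.
HOSTS = {
    "host1": "192.0.2.1",
    "host2": "192.0.2.2",
    "host3": "192.0.2.3",
    "host4": "192.0.2.4",
}


def mesh_pairs(hosts):
    """Every unordered pair of hosts: n*(n-1)/2 tunnels for n hosts."""
    return list(combinations(sorted(hosts), 2))


def render_conf(hosts, local=None):
    """Render one conn section per pair.

    Parameter lines are indented, as the ipsec.conf grammar requires.
    If `local` is given, only tunnels that terminate on that host are
    emitted (pluto will not add a conn where neither end is local).
    """
    sections = []
    for a, b in mesh_pairs(hosts):
        if local is not None and local not in (a, b):
            continue
        sections.append("\n".join([
            f"conn {a}-to-{b}",
            f"\tleft={hosts[a]}",
            f"\tright={hosts[b]}",
            "\tauto=start",
            "\tauthby=secret",
        ]))
    return "\n\n".join(sections) + "\n"


def generate_psks(hosts, nbytes=32):
    """One independent random PSK per tunnel, from the OS CSPRNG."""
    return {pair: secrets.token_hex(nbytes) for pair in mesh_pairs(hosts)}


def render_secrets(hosts, psks):
    """ipsec.secrets lines keyed by the two peer addresses.

    The same file works on every host: entries whose addresses do not
    match the negotiating peers are simply never selected.
    """
    lines = [f'{hosts[a]} {hosts[b]} : PSK "{psks[(a, b)]}"'
             for a, b in mesh_pairs(hosts)]
    return "\n".join(lines) + "\n"


def conn_names(conf_text):
    """Parse the conn names back out of rendered text (used for checks)."""
    return [ln.split()[1] for ln in conf_text.splitlines()
            if ln.startswith("conn ")]


if __name__ == "__main__":
    psks = generate_psks(HOSTS)
    print("# /etc/ipsec.d/mesh.conf")
    print(render_conf(HOSTS), end="")
    print("# /etc/ipsec.d/ipsec.secrets (mode 0600)")
    print(render_secrets(HOSTS, psks), end="")
```

Run it once on an administrative host, distribute the two outputs to all four servers, and keep ipsec.secrets readable only by root; the secrets file must never be regenerated per site, or the PSKs would no longer match across the mesh.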