[Openswan Users] Multiple servers with multiple tunnels each
neal.p.murphy at alum.wpi.edu
Tue Jun 24 12:03:46 EDT 2014
What you described should work, with a couple caveats:
- Your config is missing host2-host3, host2-host4, and host3-host4
- Be sure that each of the four sites uses unique LAN addressing. That is,
you cannot (easily) use 10.10.10.0/24 at two sites.
You should be able to copy a single set of files (config, secrets, etc.) to
> From: David Brezynski <brezy at u.washington.edu>
> Subject: Multiple servers with multiple tunnels each
> Date: June 23, 2014 at 3:01:50 PM EDT
> To: users at lists.openswan.org
> Hi List
> I'm working on an IPSEC solution for a number of servers (let's say 4) where
> I need to encrypt traffic between each server (so each server needs a
> tunnel to the other 3) for a distributed application. Traffic should not
> be encrypted between these servers and any others on the network. All IPs
> are static.
> I'm assuming my only option is to set up individual tunnels in a one to
> many relationship for each of the servers (see configuration below).
> Question - is this the correct approach? Is there a more concise
> configuration I can use so I can reuse the configuration files unchanged
> on all the servers involved? Anything I'm missing?
> In the initial setup I'm using pre-shared keys and my config files
> (connection definitions and secrets file) are:
> ============ /etc/ipsec.d/test.con
> conn host1-to-host2
> conn host1-to-host3
> conn host1-to-host4
> ============ /etc/ipsec.d/ipsec.secrets
> host1 host2 : PSK "key in quotations"
> host1 host3 : PSK "key in quotations"
> host1 host4 : PSK "key in quotations"
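
An added example, not part of the original thread: a small generator that emits one `conn` and one PSK line for every pair of hosts, including the host2-host3, host2-host4 and host3-host4 pairs noted as missing above, and rejects overlapping LANs. The addresses are constructed documentation-range values and the `build_mesh` and `check_unique` names are hypothetical; the same output can be installed on every host because Openswan orients each connection by matching `left` or `right` against a local address.

```python
import ipaddress
import secrets
from itertools import combinations

# Constructed sample inventory: name -> (static IP, LAN behind it or None).
# Addresses come from documentation ranges, not from the original thread.
HOSTS = {
    "host1": ("192.0.2.1", None),
    "host2": ("192.0.2.2", None),
    "host3": ("192.0.2.3", None),
    "host4": ("192.0.2.4", None),
}

def check_unique(hosts):
    """Reject duplicate endpoint IPs and overlapping LANs (the second caveat)."""
    ips = [ip for ip, _ in hosts.values()]
    if len(set(ips)) != len(ips):
        raise ValueError("duplicate endpoint address")
    lans = [(n, ipaddress.ip_network(lan)) for n, (_, lan) in hosts.items() if lan]
    for (n1, a), (n2, b) in combinations(lans, 2):
        if a.overlaps(b):
            raise ValueError(f"{n1} and {n2} use overlapping LANs: {a} / {b}")

def build_mesh(hosts):
    """Return (ipsec.conf text, ipsec.secrets text) covering every host pair."""
    check_unique(hosts)
    conns, keys = [], []
    for a, b in combinations(sorted(hosts), 2):
        (ip_a, lan_a), (ip_b, lan_b) = hosts[a], hosts[b]
        lines = [f"conn {a}-to-{b}", f"    left={ip_a}", f"    right={ip_b}"]
        if lan_a:
            lines.append(f"    leftsubnet={lan_a}")
        if lan_b:
            lines.append(f"    rightsubnet={lan_b}")
        lines += ["    authby=secret", "    auto=start"]
        conns.append("\n".join(lines))
        # One independent random PSK per pair, so a leaked key exposes one tunnel.
        keys.append(f'{ip_a} {ip_b} : PSK "{secrets.token_urlsafe(32)}"')
    return "\n\n".join(conns) + "\n", "\n".join(keys) + "\n"

if __name__ == "__main__":
    conf, psk = build_mesh(HOSTS)
    print(conf)
    print(f"# {len(psk.splitlines())} PSK lines generated; store them root-only (0600)")
```

With no `leftsubnet`/`rightsubnet`, each connection covers only traffic between the two host addresses, so traffic to other machines on the network stays unencrypted as the question requires.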