[Openswan Users] Multiple sites with openswan
nick at howitts.co.uk
Tue Jan 20 03:22:37 EST 2015
With that set up each remote site is invisible to each other remote
There are some things in the set up you won't want (plutodebug=all),
probably don't need if Openswan is on your gateway device
don't need (compress=no), could do better (use aes or aes128 instead of
3des or something even stronger if you want like aes256; sha1 instead of
md5) and are wrong (left/rightsourceip should be the private IP of the
gateway). If you don't use NAT traversal you also do not need to open
udp port 4500 and you never need tcp:4500.
I am not convinced about NAT'ing the VPN as this is not normally
recommended, but you would use a similar iptables rule with "-j ACCEPT"
instead of "-j SNAT".
Check which subnets you want to use. The example gives a single public
IP access to a whole LAN. It is more likely you will want a remote LAN
IP or subnet to your LAN. That is just a matter of adjusting the
On 2015-01-19 23:24, Patrick Naubert wrote:
> Rescued from the spam bucket. Please remember to subscribe to the
> mailing list before posting to it.
>> Date: January 19, 2015 at 6:00:26 PM GMT-5
>> Subject: Multiple sites with openswan
>> From: TC Tobin-Campbell <tc at redoxengine.com>
>> To: users at lists.openswan.org
>> We're considering using openswan for VPN connections with health
>> systems. We have an application that sends and receives information
>> from health systems over VPN tunnels. We need to set up VPN
>> connections to each health system, but no information should pass
>> from health system to health system.
>> We're considering following the instructions here to set this up:
>> If we set up openswan on one server, with multiple vpn tunnels to
>> different sites, does that in any way give the sites access to each
>> other? In other words, could one health system access another health
>> system through our VPN setup, or is there a way to prevent that from
>> happening? Or do we need a separate server for each connection?
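An added example, not part of the thread and not Openswan's own tooling: a small audit of an ipsec.conf-style file that flags the settings the reply above calls out (plutodebug=all, 3des, md5) and any conn whose local subnet overlaps another site's remote subnet, which would let that tunnel's policy match another site's addresses. The sample config, the conn names and the assumption that "left" is the hub side are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread); "left" is assumed to be the hub side.
SAMPLE = """\
config setup
    plutodebug=all
conn site-a
    leftsubnet=10.0.0.0/24
    rightsubnet=192.168.10.0/24
    ike=3des-md5
conn site-b
    leftsubnet=0.0.0.0/0
    rightsubnet=192.168.20.0/24
    ike=aes128-sha1
"""

def parse(text):
    """Return {section name: {key: value}} for an ipsec.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():  # section header: "config setup" / "conn NAME"
            current = sections.setdefault(line.split()[-1], {})
        elif "=" in line and current is not None:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Flag settings the reply calls out, plus hub subnets that reach another site."""
    sections = parse(text)
    findings = []
    if sections.get("setup", {}).get("plutodebug") == "all":
        findings.append("setup: plutodebug=all")
    conns = {n: c for n, c in sections.items() if n != "setup"}
    for name, conn in conns.items():
        for key in ("ike", "esp"):
            for weak in re.findall(r"3des|md5", conn.get(key, "").lower()):
                findings.append(f"{name}: {key} uses {weak}")
    nets = {n: (ipaddress.ip_network(c["leftsubnet"]), ipaddress.ip_network(c["rightsubnet"]))
            for n, c in conns.items() if "leftsubnet" in c and "rightsubnet" in c}
    for a, (local_a, _) in nets.items():
        for b, (_, remote_b) in nets.items():
            if a != b and local_a.overlaps(remote_b):
                findings.append(f"{a}: leftsubnet overlaps {b}'s rightsubnet")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per flagged setting; a config with per-site subnets that do not overlap and aes/sha1 proposals returns an empty list.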