[Openswan Users] Hub-Spoke Configuration
Neal P. Murphy
neal.p.murphy at alum.wpi.edu
Mon Mar 7 13:09:13 EST 2016
The left/rightsubnet param of the 'hub' side of each conn must contain the addresses all other hosts that are to be accessed via the hub. This is the only way I know of to make openswan allow those addresses through the tunnel. (I assume one would use left/rightsubnet even though the non-hub hosts are not routers.)
Years ago, I set up a Smoothwall Express or a SonicWall as a hub and several Smoothwalls and SonicWalls as clients, making sure that each IPSEC knew that the other private LAN addresses were to be accessed through the VPN. The F/Ws could all talk to each other. All hosts behind the F/Ws could talk to each other. Come to think of it, I think I cheated. I used 0.0.0.0/0 as the subnet, thus forcing all non-local traffic through the hub. The hub knew how to reach all sites, and it was the sole internet access point. Never mind that some of the sites connected across the internet; their only internet traffic after the VPN was up was IPSEC.
On Mon, 07 Mar 2016 17:47:15 +0000
Daniel Cave <dan.cave at me.com> wrote:
> Hello Leonard
> Did you get any replies to this?
> I suspect you may be experiencing issues with firewall/security group/rules issues
> Have you tried establishing hub to spoke end connectivity on each side and end to end testing by connecting using netcat?
> Sent from my iPhone
> > On 2 Mar 2016, at 20:00, Leonard Wood <leonardw at ufl.edu> wrote:
> > Does anyone have any documentation on setting up a ‘hub and spoke’ configuration using Openswan?
> > I have a scenario where I am connecting both Azure and AWS to a single Openswan instance using each prospective provider’s VPN gateway. The tunnels come up and everything is fine with one exception. Resources deployed in Azure cannot communicate with resources deployed in Aws, and vice versa. Both can communicate with the Openswan instance, however. The route tables are correctly setup in AWS and Azure so I am convinced its my configuration.
> > I have two connection entries in the ipsec.conf
> > (Spoke1) Azure = 172.16.0.0/23
> > (Spoke2) AWS = 10.10.10.0/23
> > Hub Network = Openswan = 192.168.1.0/24
> > I am also using netkey for the protocol.
> > Any help with getting nodes in spoke 1 to communicate with nodes in spoke 2 would be greatly appreciated!
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users