[Openswan Users] Hub-Spoke Configuration
Jon Fox
jon at sacredregion.com
Tue Mar 8 02:29:45 EST 2016
> I have two connection entries in the ipsec.conf
I've done spoke-hub with ipsec in the distant past.
IIRC, you need either one connection entry (spoke A-to-spoke B), or
three connection entries (spoke A-to-spoke B, spoke A to localnet, and
spoke B to localnet). What exactly do you have configured for the left
and right networks of your existing two(?) connections?
-Jon
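To make the connection-entry layout concrete, here is a hub-side ipsec.conf that follows the approach Jon describes, using the three subnets Leonard listed. This is an added example, not configuration from anyone in the thread; the public addresses (203.0.113.10, 198.51.100.20, 192.0.2.30) and connection names are placeholders, and it assumes pre-shared keys are kept in /etc/ipsec.secrets. Seen from the hub, Jon's three entries become two per spoke: one for the spoke's own subnet to the hub LAN, and one carrying the other spoke's subnet as the "left" side, because with NETKEY the kernel only encapsulates traffic for subnet pairs that some conn names explicitly.

```ini
# Hub-side /etc/ipsec.conf for a two-spoke layout (added example, not from
# the thread). Subnets are the ones given in the thread; all public
# addresses are TEST-NET placeholders, not real endpoints.

config setup
    protostack=netkey          # NETKEY works for hairpinning; every subnet
                               # pair just has to appear in its own conn

conn %default
    authby=secret              # PSKs in /etc/ipsec.secrets (assumed)
    type=tunnel
    auto=start                 # hub brings all SAs up at boot
    left=203.0.113.10          # hub public address (placeholder)
    leftid=203.0.113.10

# --- Spoke 1 (Azure) <-> hub LAN ---------------------------------------
conn azure-hub
    right=198.51.100.20        # Azure VPN gateway address (placeholder)
    rightid=198.51.100.20
    leftsubnet=192.168.1.0/24
    rightsubnet=172.16.0.0/23

# --- Spoke 2 (AWS) <-> hub LAN -----------------------------------------
conn aws-hub
    right=192.0.2.30           # AWS VPN gateway tunnel endpoint (placeholder)
    rightid=192.0.2.30
    leftsubnet=192.168.1.0/24
    rightsubnet=10.10.10.0/23

# --- Spoke-to-spoke through the hub ------------------------------------
# A packet from AWS bound for Azure is decrypted on the AWS tunnel and then
# needs an outbound policy on the Azure tunnel whose source selector is the
# AWS subnet (and the reverse for Azure -> AWS). Without these two entries
# the kernel has no policy for 10.10.10.0/23 <-> 172.16.0.0/23, so the
# forwarded packet never gets encapsulated. Selectors stay as narrow as the
# real networks: no 0.0.0.0/0 catch-all is needed on the hub.
conn azure-via-hub-to-aws
    right=198.51.100.20        # Azure gateway; leftsubnet is the AWS
    rightid=198.51.100.20      # network that sits "behind" the hub
    leftsubnet=10.10.10.0/23
    rightsubnet=172.16.0.0/23

conn aws-via-hub-to-azure
    right=192.0.2.30           # AWS gateway; leftsubnet is the Azure network
    rightid=192.0.2.30
    leftsubnet=172.16.0.0/23
    rightsubnet=10.10.10.0/23
```

Three things outside ipsec.conf have to line up for the last two entries to negotiate and pass traffic: the Azure local network gateway's address space must also list 10.10.10.0/23 and the AWS VPN connection's static routes must also list 172.16.0.0/23, otherwise the cloud side rejects the extra traffic selectors; the hub must have net.ipv4.ip_forward=1; and the hub's FORWARD chain must permit traffic between the two spoke prefixes, which is the firewall angle Daniel raised. To check what actually got installed, `ipsec auto --status` lists which conns are up and `ip xfrm policy` shows the kernel policies; if no policy pair for 10.10.10.0/23 and 172.16.0.0/23 appears there, the spoke-to-spoke SAs did not come up and the hub will only ever see the spokes' ICMP arrive, never forward it.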
On 3/7/2016 10:55 PM, Leonard Wood wrote:
>
> Hi Daniel,
>
> Thanks for responding. I have not received any replies, yet. After
> researching this extensively, I suspect my issue may be a result of
> using the netkey protocol (default) vs klips. I don’t think netkey
> has the ability to route traffic between two local subnets. I can run
> tcpdump on the local openswan (hub) instance and see ICMP packets
> coming in from the Spokes.
>
> My thinking is because the entire payload and header are encrypted,
> and without some mechanism (i.e., klips) to decipher it, the datagram
> doesn’t know where to go once it reaches Openswan (Hub).
>
> But I could be wrong.
>
> Thanks,
>
> Leonard
>
> *From:* Daniel Cave [mailto:dan.cave at me.com]
> *Sent:* Monday, March 07, 2016 12:47 PM
> *To:* Leonard Wood
> *Cc:* users at lists.openswan.org
> *Subject:* Re: [Openswan Users] Hub-Spoke Configuration
>
> Hello Leonard
>
> Did you get any replies to this?
>
> I suspect you may be experiencing issues with firewall/security
> group/rules issues.
>
> Have you tried establishing hub to spoke end connectivity on each side
> and end to end testing by connecting using netcat?
>
> Sent from my iPhone
>
> On 2 Mar 2016, at 20:00, Leonard Wood <leonardw at ufl.edu
> <mailto:leonardw at ufl.edu>> wrote:
>
> Does anyone have any documentation on setting up a ‘hub and spoke’
> configuration using Openswan?
>
> I have a scenario where I am connecting both Azure and AWS to a
> single Openswan instance using each prospective provider’s VPN
> gateway. The tunnels come up and everything is fine with one
> exception. Resources deployed in Azure cannot communicate with
> resources deployed in AWS, and vice versa. Both can communicate
> with the Openswan instance, however. The route tables are
> correctly set up in AWS and Azure so I am convinced it's my
> configuration.
>
> I have two connection entries in the ipsec.conf
>
> (Spoke1) Azure = 172.16.0.0/23
>
> (Spoke2) AWS = 10.10.10.0/23
>
> Hub Network = Openswan = 192.168.1.0/24
>
> I am also using netkey for the protocol.
>
> Any help with getting nodes in spoke 1 to communicate with nodes
> in spoke 2 would be greatly appreciated!
>
> _______________________________________________
> Users at lists.openswan.org <mailto:Users at lists.openswan.org>
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments:
> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155