Frerk Meyer
2003-Jan-09 03:01 UTC
AW: [Shorewall-users] How do I configure 2 static net2net VPNs over one interface ipsec0?
Hi,

Problem:
I want 2 vpn tunnels for 2 subnets over one interface ipsec0.
Documentation only describes config for 1 vpn or road warriors.

I defined 2 vpn zones 'fre' and 'swe'.

#ZONE   DISPLAY   COMMENTS
net     Net       Internet zone
loc     Local     Local
fre     VPN_Fre   VPN Fre
swe     VPN_Swe   VPN Swe

Interface ipsec0 is tunnel over eth1. Local is eth0.
ipsec0 serves 2 zones: fre and swe, therefore '-' and hosts file

#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        detect
net     eth1        detect
-       ipsec0

I defined 2 tunnels:

# TYPE   ZONE   GATEWAY           GATEWAY ZONE
ipsec    net    213.168.103.106
ipsec    net    217.73.1.17

Question:
But how do I declare the 2 subnets for the 2 vpn zones?
Here is my wild guess at the hosts file:

#ZONE   HOST(S)   OPTIONS
# VPN1 Gateway is 213.168.103.106
fre     eth1:213.168.103.106
# VPN1 Subnet is 157.125.132.0/23
#fre    ipsec0:157.125.132.0/23
# VPN2 Gateway is 217.73.1.17
swe     eth1:217.73.1.17
# VPN2 Subnet is 157.125.0.0/18
#swe    ipsec0:157.125.0.0/18

Do I need entries for eth1 or ipsec0 (the commented ones)? Or something in between?
Or should I merge the subnets into zone loc?

Frerk

Frerk Meyer
System Developer
---------------------------------------
Framfab Deutschland AG
Mike Noyes
2003-Jan-10 10:38 UTC
AW: [Shorewall-users] How do I configure 2 static net2net VPNs over one interface ipsec0?
On Thu, 2003-01-09 at 02:57, Frerk Meyer wrote:
> Problem:
> I want 2 vpn tunnels for 2 subnets over one interface ipsec0.
> Documentation only describes config for 1 vpn or road warriors.

Frerk,

Were you able to get one of the VPN tunnels working? I think this would be a good first step. After you have one working, configuring the second should be easier.

Have you reviewed the FreeS/WAN documentation?
http://www.freeswan.org/doc.html

Please review the following page for suggested diagnostic information we'll need to help you. Thanks.
http://shorewall.net/support.htm

--
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/
http://sitedocs.sf.net/
http://ffl.sf.net/
Mike Noyes
2003-Jan-11 11:36 UTC
AW: [Shorewall-users] How do I configure 2 static net2net VPNs over one interface ipsec0?
On Thu, 2003-01-09 at 02:57, Frerk Meyer wrote:
> Problem:
> I want 2 vpn tunnels for 2 subnets over one interface ipsec0.
> Documentation only describes config for 1 vpn or road warriors.

Frerk,

Does the IPSec "tunnel hub" link below accurately describe what you're trying to do?

Using a central Ipsec gateway as a "tunnel hub"
http://jixen.tripod.com/#IPsec-hub

--
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/
http://sitedocs.sf.net/
http://ffl.sf.net/