Subnet to subnet VPN: Difference between revisions

From Libreswan
Line 1: Line 1:
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements:
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements. We used the also= keyword to avoid adding the same information into each connection.


<pre>
<pre>
Line 13: Line 13:
     leftsubnet=192.0.1.0/24
     leftsubnet=192.0.1.0/24
     rightsubnet=192.0.2.0/24
     rightsubnet=192.0.2.0/24
    auto=start


conn mysubnet6
conn mysubnet6
Line 19: Line 20:
     leftsubnet=2001:db8:0:1::/64
     leftsubnet=2001:db8:0:1::/64
     rightsubnet=2001:db8:0:2::/64
     rightsubnet=2001:db8:0:2::/64
    auto=start


conn mytunnel
conn mytunnel
Line 29: Line 31:
     authby=rsasig
     authby=rsasig
     # use auto=start when done testing the tunnel
     # use auto=start when done testing the tunnel
    auto=add
</pre>
</pre>
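
Review bot: In the conn mytunnel hunk, the new auto=add line sits under the comment "use auto=start when done testing the tunnel", yet the same revision adds auto=start to conn mysubnet and conn mysubnet6, which both pull in mytunnel through also=. A reader cannot tell which auto= value is meant to apply to the subnet connections, or which line to edit once testing is finished. Suggest keeping auto= only in the conns that are meant to be loaded (mysubnet and mysubnet6) and moving the testing comment next to those lines, or having the comment say how the two values interact.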

Revision as of 23:17, 1 April 2014

Building a tunnel between two endpoints for multiple subnets is pretty similar to a host to host VPN tunnel, except that we add leftsubnet=/rightsubnet= statements. We use the also= keyword to avoid repeating the same information in each connection.
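
To review what each subnet connection ends up with once also= is expanded, the following Python script resolves the includes and lists keys that are set both in a conn and in the section it includes. It is an added example, not part of the Libreswan wiki or of Libreswan's own parser; the function names, the constructed sample text, and the rule that a conn's own value wins over an included one are assumptions.

```python
SAMPLE = """\
# constructed sample modelled on this page; RSA keys omitted
conn mysubnet
    also=mytunnel
    leftsubnet=192.0.1.0/24
    rightsubnet=192.0.2.0/24
    auto=start
conn mysubnet6
    also=mytunnel
    connaddrfamily=ipv6
    leftsubnet=2001:db8:0:1::/64
    rightsubnet=2001:db8:0:2::/64
    auto=start
conn mytunnel
    leftid=@west
    left=192.1.2.23
    rightid=@east
    right=192.1.2.45
    authby=rsasig
    auto=add
"""

def parse(text):
    """Return {conn_name: [(key, value), ...]} in file order; other sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                      # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:     # indented key=value inside a conn
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return conns

def resolve(conns, name, seen=()):
    """Expand also= recursively; return (effective settings, keys set in more than one place)."""
    if name in seen:
        raise ValueError("also= loop: " + " -> ".join(seen + (name,)))
    own = {k: v for k, v in conns[name] if k != "also"}
    inherited, overlaps = {}, set()
    for key, target in conns[name]:
        if key == "also":
            settings, nested = resolve(conns, target, seen + (name,))
            overlaps |= nested | (settings.keys() & (own.keys() | inherited.keys()))
            inherited.update(settings)
    return {**inherited, **own}, overlaps             # assumption: the conn's own value wins
```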

# /etc/ipsec.conf
# The version 2 is only required for compatibility with openswan
version 2

config setup
    protostack=netkey

conn mysubnet
    also=mytunnel
    leftsubnet=192.0.1.0/24
    rightsubnet=192.0.2.0/24
    auto=start

conn mysubnet6
    also=mytunnel
    connaddrfamily=ipv6
    leftsubnet=2001:db8:0:1::/64
    rightsubnet=2001:db8:0:2::/64
    auto=start

conn mytunnel
    leftid=@west
    left=192.1.2.23
    leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZm [...] W2n417C/4urYHQkCvuIQ==
    rightid=@east
    right=192.1.2.45
    rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4 [...] D/v8t5YTQ==
    authby=rsasig
    # use auto=start when done testing the tunnel