Subnet to subnet VPN: Difference between revisions
Jump to navigation
Jump to search
Paul Wouters (talk | contribs) No edit summary |
Paul Wouters (talk | contribs) mNo edit summary |
||
| Line 1: | Line 1: | ||
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements | Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements. We used the also= keyword to avoid adding the same information into each connection. | ||
<pre> | <pre> | ||
| Line 13: | Line 13: | ||
leftsubnet=192.0.1.0/24 | leftsubnet=192.0.1.0/24 | ||
rightsubnet=192.0.2.0/24 | rightsubnet=192.0.2.0/24 | ||
auto=start | |||
conn mysubnet6 | conn mysubnet6 | ||
| Line 19: | Line 20: | ||
leftsubnet=2001:db8:0:1::/64 | leftsubnet=2001:db8:0:1::/64 | ||
rightsubnet=2001:db8:0:2::/64 | rightsubnet=2001:db8:0:2::/64 | ||
auto=start | |||
conn mytunnel | conn mytunnel | ||
| Line 29: | Line 31: | ||
authby=rsasig | authby=rsasig | ||
# use auto=start when done testing the tunnel | # use auto=start when done testing the tunnel | ||
</pre> | </pre> | ||
Revision as of 23:17, 1 April 2014
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a host to host VPN tunnel. Except you will see we are adding leftsubnets/rightsubnets statements. We used the also= keyword to avoid adding the same information into each connection.
# /etc/ipsec.conf
# The version 2 is only required for compatibility with openswan
version 2
config setup
protostack=netkey
conn mysubnet
also=mytunnel
leftsubnet=192.0.1.0/24
rightsubnet=192.0.2.0/24
auto=start
conn mysubnet6
also=mytunnel
connaddrfamily=ipv6
leftsubnet=2001:db8:0:1::/64
rightsubnet=2001:db8:0:2::/64
auto=start
conn mytunnel
leftid=@west
left=192.1.2.23
leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZm [...] W2n417C/4urYHQkCvuIQ==
rightid=@east
right=192.1.2.45
rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4 [...] D/v8t5YTQ==
authby=rsasig
# use auto=start when done testing the tunnel