Subnet to subnet VPN: Difference between revisions
Jump to navigation
Jump to search
Paul Wouters (talk | contribs) No edit summary |
Paul Wouters (talk | contribs) mNo edit summary |
||
Line 1: | Line 1: | ||
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements | Building a tunnel between two endpoints for multiple subnets is pretty simialar to a [[ host to host VPN ]] tunnel. Except you will see we are adding leftsubnets/rightsubnets statements. We used the also= keyword to avoid adding the same information into each connection. | ||
<pre> | <pre> | ||
Line 13: | Line 13: | ||
leftsubnet=192.0.1.0/24 | leftsubnet=192.0.1.0/24 | ||
rightsubnet=192.0.2.0/24 | rightsubnet=192.0.2.0/24 | ||
auto=start | |||
conn mysubnet6 | conn mysubnet6 | ||
Line 19: | Line 20: | ||
leftsubnet=2001:db8:0:1::/64 | leftsubnet=2001:db8:0:1::/64 | ||
rightsubnet=2001:db8:0:2::/64 | rightsubnet=2001:db8:0:2::/64 | ||
auto=start | |||
conn mytunnel | conn mytunnel | ||
Line 29: | Line 31: | ||
authby=rsasig | authby=rsasig | ||
# use auto=start when done testing the tunnel | # use auto=start when done testing the tunnel | ||
</pre> | </pre> |
Revision as of 23:17, 1 April 2014
Building a tunnel between two endpoints for multiple subnets is pretty simialar to a host to host VPN tunnel. Except you will see we are adding leftsubnets/rightsubnets statements. We used the also= keyword to avoid adding the same information into each connection.
# /etc/ipsec.conf # The version 2 is only required for compatibility with openswan version 2 config setup protostack=netkey conn mysubnet also=mytunnel leftsubnet=192.0.1.0/24 rightsubnet=192.0.2.0/24 auto=start conn mysubnet6 also=mytunnel connaddrfamily=ipv6 leftsubnet=2001:db8:0:1::/64 rightsubnet=2001:db8:0:2::/64 auto=start conn mytunnel leftid=@west left=192.1.2.23 leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZm [...] W2n417C/4urYHQkCvuIQ== rightid=@east right=192.1.2.45 rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4 [...] D/v8t5YTQ== authby=rsasig # use auto=start when done testing the tunnel