Good day All,

I am trying to figure out how to route over IPSEC to one site then over
OpenVPN to another site, as well as a few general questions re OpenVPN.

1. I have 8 sites to deal with. All sites will connect to Site #2, but
I also need to get to Site #1 from Site #3 via Site #2. I have started
migrating from IPSEC to OpenVPN, and during this process, until I can
upgrade all locations to OpenVPN, I will have to run them concurrently.
Site #1 is the exception, where I no longer have access to IPSEC, only
OpenVPN.

2. A few quick questions re OpenVPN:
Can I run both Client and Server on the same FW?
If yes, do I use the same tap0 and UDP port 1194 for both?

3. Now the tricky part:
From Site #1 I have an OpenVPN tunnel established to Site #2, where
Site #2 is acting as the OpenVPN server and Site #1 as the OpenVPN client.
From Site #3 I have an IPSEC tunnel to Site #2.
I no longer have my IPSEC tunnel between Site #1 and Site #3.
All other 5 sites connect to Site #2 through IPSEC, but I plan to migrate
this to OpenVPN as well.

How do I add a route so that any traffic to/from Site #1 to/from
Site #3 is routed through Site #2?

Here are the routes from Site #2 and Site #3:

ip routes from Site2
# net
46.24.125.0/24 dev eth0 proto kernel scope link src 46.24.125.4
# loc
10.30.4.0/24 dev eth1 proto kernel scope link src 10.30.4.254
# vpn
10.30.5.0/24 dev tap0 proto kernel scope link src 10.30.5.1
# ipsec
46.24.125.0/24 dev ipsec0 proto kernel scope link src 46.24.125.4
10.10.60.0/24 via 46.24.125.1 dev ipsec0 # Site3 to Site2
10.10.80.0/24 via 46.24.125.1 dev ipsec0 # Site4 to Site2
10.10.70.0/24 via 46.24.125.1 dev ipsec0 # Site5 to Site2
10.10.50.0/24 via 46.24.125.1 dev ipsec0 # Site6 to Site2
10.10.66.0/24 via 46.24.125.1 dev ipsec0 # Site7 to Site2
10.10.64.0/24 via 46.24.125.1 dev ipsec0 # Site8 to Site2
192.168.147.0/24 via 10.30.5.2 dev tap0 # Site1 to Site2
default via 46.24.125.1 dev eth0

ip routes from Location 3
# net
193.241.34.0/26 dev eth0 proto kernel scope link src 193.241.34.30
# loc
10.10.60.0/24 dev eth1 proto kernel scope link src 10.10.60.254
# dmz
10.10.61.0/24 dev eth2 proto kernel scope link src 10.10.61.254
# vpn
10.10.62.0/24 dev tap0 proto kernel scope link src 10.10.62.1
# ipsec
193.241.34.0/26 dev ipsec0 proto kernel scope link src 193.241.34.30
10.30.4.0/24 via 193.241.34.1 dev ipsec0 # Site3 to Site2
192.168.211.0/24 via 193.241.34.1 dev eth0
192.168.210.0/24 via 193.241.34.1 dev eth0
192.168.212.0/24 via 193.241.34.1 dev eth0
192.168.199.0/24 via 193.241.34.1 dev eth0
192.168.215.0/24 via 193.241.34.1 dev eth0
192.168.200.0/24 via 193.241.34.1 dev eth0
192.168.216.0/24 via 193.241.34.1 dev eth0
192.168.203.0/24 via 193.241.34.1 dev eth0
192.168.202.0/24 via 193.241.34.1 dev eth0
192.168.220.0/24 via 193.241.34.1 dev eth0
default via 193.241.34.1 dev eth0

*** How do I add the route 192.168.147.0/24 to Location 3?

Thanks for your help.
Darcy
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
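
Added example (not part of the original message): a longest-prefix-match lookup over a subset of the two posted route tables, showing which device each leg of the Site #3 <-> Site #1 path would leave on. The host addresses 192.168.147.10 and 10.10.60.10 are constructed; routes that cannot match them are left out.

```python
import ipaddress

# Subset of the posted tables (constructed excerpt; comments and routes
# that do not cover the tested hosts are omitted).
SITE2 = """\
46.24.125.0/24 dev eth0 proto kernel scope link src 46.24.125.4
10.30.4.0/24 dev eth1 proto kernel scope link src 10.30.4.254
10.30.5.0/24 dev tap0 proto kernel scope link src 10.30.5.1
10.10.60.0/24 via 46.24.125.1 dev ipsec0
192.168.147.0/24 via 10.30.5.2 dev tap0
default via 46.24.125.1 dev eth0
"""
SITE3 = """\
193.241.34.0/26 dev eth0 proto kernel scope link src 193.241.34.30
10.10.60.0/24 dev eth1 proto kernel scope link src 10.10.60.254
10.30.4.0/24 via 193.241.34.1 dev ipsec0
default via 193.241.34.1 dev eth0
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), dev))
    return routes

def egress_dev(routes, dst):
    """Longest-prefix match: the device a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def transit_report(site1_host="192.168.147.10", site3_host="10.10.60.10"):
    """Egress device for each leg of the Site 3 <-> Site 1 path."""
    s2, s3 = parse_routes(SITE2), parse_routes(SITE3)
    return {
        "site3 -> site1": egress_dev(s3, site1_host),  # only default matches
        "site2 -> site1": egress_dev(s2, site1_host),  # OpenVPN leg
        "site2 -> site3": egress_dev(s2, site3_host),  # IPSEC leg
    }

if __name__ == "__main__":
    print(transit_report())
```

With the tables as posted, Site #2 already has a tunnel route for both legs, while Site #3 matches 192.168.147.0/24 only on its default route, so that traffic leaves on eth0 rather than ipsec0.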