I did it by specifying each net-to-net connection. I need to look at the new 3.8 IPsec tools to see if I can clean this up.
Another example (and the one I initially referenced) can be found in /usr/share/ipsec/isakmpd/VPN-3way-template.conf.

(isakmpd via OBSD 3.6):

[Phase 1]
1.2.3.4= ISAKMP-Remote

[Phase 2]
Connections= Remote-Net1,Remote-Net2,Remote-Net3

[ISAKMP-Remote]
Phase= 1
Transport= udp
Address= 1.2.3.4
Configuration= Main-Mode
Authentication= somecrazylookingword

[Remote-Net1]
Phase= 2
Configuration= Quick-Mode
Local-ID= Local-Net1
Remote-ID= Remote-Net1
ISAKMP-peer= ISAKMP-Remote

[Remote-Net2]
Phase= 2
Configuration= Quick-Mode
Local-ID= Local-Net1
Remote-ID= Remote-Net2
ISAKMP-peer= ISAKMP-Remote

[Remote-Net3]
Phase= 2
Configuration= Quick-Mode
Local-ID= Local-Net1
Remote-ID= Remote-Net3
ISAKMP-peer= ISAKMP-Remote

[Local-Net1]
ID-type= IPV4_ADDR_SUBNET
Network= 2.3.4.0
Netmask= 255.255.254.0

[Remote-Net1]
ID-type= IPV4_ADDR_SUBNET
Network= 1.2.4.0
Netmask= 255.255.255.0

[Remote-Net2]
ID-type= IPV4_ADDR_SUBNET
Network= 1.2.6.0
Netmask= 255.255.255.128

[Remote-Net3]
ID-type= IPV4_ADDR_SUBNET
Network= 1.2.7.0
Netmask= 255.255.255.0

<snip> use your same main/quick modes <snip>

On Tue, 2005-10-11 at 12:42 +0200, Runo Forrisdahl wrote:
> Hi,
>
> currently I have a VPN consisting of this:
>
> (..snip..)
>
> [tunnel-opengw-cisco]
> Phase= 2
> ISAKMP-peer= cisco
> Configuration= quick-mode
> Local-ID= net-opengw
> Remote-ID= net-remote
>
> (..snip..)
>
> Can I add a second net to the remote end like this:
>
> Remote-ID= net-remote, net-remote2
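
Added example, not part of the original message or of isakmpd: a small Python generator for the "one Phase 2 connection per net-to-net pair" layout described in the reply above, so that adding a remote subnet means adding one entry rather than hand-copying sections. The function name, the `Conn-` prefix for connection section names, and the CIDR input form are assumptions of this example; the `[Phase 1]`, peer and `Local-Net1` sections are assumed to already exist in the file.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # keep names safe for [section] headers

def phase2_sections(peer, local_id, remote_nets, prefix="Conn-"):
    """Build isakmpd.conf text with one Quick-Mode connection per remote subnet.

    remote_nets maps an ID section name to an IPv4 CIDR string. The prefix
    used for connection section names is an assumption of this example.
    """
    for name in remote_nets:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe section name: {name!r}")
    conns = [prefix + name for name in remote_nets]
    out = ["[Phase 2]", "Connections= " + ",".join(conns), ""]
    for name, cidr in remote_nets.items():
        # Strict parsing rejects a CIDR with host bits set, e.g. 1.2.6.1/25,
        # which would otherwise produce a Network/Netmask pair that disagrees.
        net = ipaddress.IPv4Network(cidr)
        out += [
            f"[{prefix}{name}]",
            "Phase= 2",
            "Configuration= Quick-Mode",
            f"Local-ID= {local_id}",
            f"Remote-ID= {name}",  # exactly one ID section per connection
            f"ISAKMP-peer= {peer}",
            "",
            f"[{name}]",
            "ID-type= IPV4_ADDR_SUBNET",
            f"Network= {net.network_address}",
            f"Netmask= {net.netmask}",
            "",
        ]
    return "\n".join(out)

# Remote subnets taken from the message above, written as CIDR.
REMOTE_NETS = {
    "Remote-Net1": "1.2.4.0/24",
    "Remote-Net2": "1.2.6.0/25",
    "Remote-Net3": "1.2.7.0/24",
}

if __name__ == "__main__":
    print(phase2_sections("ISAKMP-Remote", "Local-Net1", REMOTE_NETS))
```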

