Tom Eastep wrote:
> Tom Eastep wrote:
>> Alan Madill wrote:
>>> Hi,
>>>
>>> I want to connect two satellite offices to a main office using
>>> openswan and ipsec vpn.
>>> SatSite1 --- Main --- SatSite2
>>> 192.168.30.0/24 --- 1.1.1.1 --- 2.2.2.2 --- 192.168.20.0/24 ---
>>> 2.2.2.2 --- 3.3.3.3 --- 192.168.25.0/24
>>> Where 1.1.1.1, 2.2.2.2, and 3.3.3.3 are the public ip addresses of
>>> the three sites
>>>
>>> I have successfully got the VPNs working between the two
>>> satellite sites and the main site but I can't figure out how to
>>> route traffic from one satellite site to the other.
>>
>> You can't 'route' the traffic. You must add additional IPSEC tunnels
>> to tunnel the forwarded traffic between your firewall and the remote
>> gateways.
>
> Actually, that is a bit misleading. You only need one 'tunnel' from
> each site but you need additional SPD entries that make the
> site-to-site traffic go through the tunnel. I know how to do that
> using ipsec-tools and Racoon but not with openswan.

The lack of actual interfaces confuses me a bit. :-)

What would the SPD entries look like? I should be able to RTM and do the same with openswan if I have an idea of what I'm trying to do.

Are there any special considerations for shorewall in adding the additional traffic?

Thanks

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
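
The additional SPD entries described in the quoted reply, as an added example that is not part of the original thread: it generates ipsec-tools `setkey` policy lines (not openswan configuration) for each of the three gateways, using the addresses from the post. ESP in tunnel mode with level `require`, and the function names, are assumptions.

```python
import ipaddress

# Constructed from the addresses in the thread: Main is the hub.
HUB = "2.2.2.2"
SPOKES = {                         # public gateway -> LAN behind it
    "1.1.1.1": "192.168.30.0/24",  # SatSite1
    "3.3.3.3": "192.168.25.0/24",  # SatSite2
}

def policy(src_net, dst_net, direction, tun_src, tun_dst):
    """One setkey 'spdadd' line; ESP tunnel mode and 'require' are assumed."""
    return (f"spdadd {src_net} {dst_net} any -P {direction} ipsec "
            f"esp/tunnel/{tun_src}-{tun_dst}/require;")

def spoke_to_spoke_policies(hub, spokes):
    """Return {gateway: [spdadd lines]} for satellite-to-satellite traffic only.

    The existing satellite<->main policies are not repeated here.
    """
    ipaddress.ip_address(hub)                # ValueError on a bad address
    for gw, net in spokes.items():
        ipaddress.ip_address(gw)
        ipaddress.ip_network(net)            # ValueError on a bad prefix
    result = {gw: [] for gw in (hub, *spokes)}
    for a_gw, a_net in spokes.items():
        for b_gw, b_net in spokes.items():
            if a_gw == b_gw:
                continue
            # Satellite A: send traffic for B's LAN into the existing
            # A<->hub tunnel, and accept B's traffic back from the hub.
            result[a_gw].append(policy(a_net, b_net, "out", a_gw, hub))
            result[a_gw].append(policy(b_net, a_net, "in", hub, a_gw))
            # Hub: accept A->B from A's tunnel, then re-encapsulate it
            # into the hub<->B tunnel.
            result[hub].append(policy(a_net, b_net, "in", a_gw, hub))
            result[hub].append(policy(a_net, b_net, "out", hub, b_gw))
    return result

if __name__ == "__main__":
    for gw, lines in spoke_to_spoke_policies(HUB, SPOKES).items():
        print(f"# on gateway {gw}")
        print("\n".join(lines))
```

Each satellite gains two policies and the main site gains four; no new tunnel endpoints appear, only new selectors on the tunnels that already exist.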
