Hi list.
Currently I'm using a simple config to connect two networks
over the Internet; the ipsec.conf on the $net2 side looks like this:

########################
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"
flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \
auth hmac-sha2-512 enc blowfish \
authkey file "/root/akey.local:/root/akey.remote" \
enckey file "/root/ekey:/root/ekey"
########################

Suppose I have a third endpoint on the Internet
with public IP z.z.z.z and network 192.168.3.0/24.
What is the way to establish an extra tunnel with the third endpoint?
I need to be able to reach the $net1 and $net2 networks from
$net3, which is 192.168.3.0/24, and vice versa.

Is it enough to create a tunnel between $net3 and $net2
to reach $net1 from $net3, or do I need to set up two tunnels
on each endpoint?

I doubt whether such a config would work:
########################
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"
net3 = "{ 192.168.3.0/24 }"

flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \
auth hmac-sha2-512 enc blowfish \
authkey file "/root/akey.local:/root/akey.remote" \
enckey file "/root/ekey:/root/ekey"

flow esp from $net2 to $net3 peer z.z.z.z
esp from y.y.y.y to z.z.z.z spi 0xdeadbeef:0xbeefdead \
auth hmac-sha2-512 enc blowfish \
authkey file "/root/akey.local3:/root/akey.remote3" \
enckey file "/root/ekey3:/root/ekey3"
########################

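An added example, not part of the original message or of any OpenBSD tooling: a small Python lint that folds the backslash-continued lines of a manually keyed ipsec.conf, pulls out the flow peers and the esp SAs, and flags what a reviewer would question in the second config above: the same SPI pair given to two different peers, the same enckey file named for both directions, and blowfish as the cipher. It also cross-checks that every flow peer has an SA and every SA a flow. The embedded sample is constructed from the post (x.x.x.x, y.y.y.y and z.z.z.z placeholders kept), and the finding codes are the script's own.

```python
"""Lint manually keyed ipsec.conf(5) definitions (added example, not OpenBSD code)."""
import shlex
from collections import defaultdict

# Constructed sample modelled on the second ipsec.conf in the post.
SAMPLE_CONF = """\
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"
net3 = "{ 192.168.3.0/24 }"

flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \\
auth hmac-sha2-512 enc blowfish \\
authkey file "/root/akey.local:/root/akey.remote" \\
enckey file "/root/ekey:/root/ekey"

flow esp from $net2 to $net3 peer z.z.z.z
esp from y.y.y.y to z.z.z.z spi 0xdeadbeef:0xbeefdead \\
auth hmac-sha2-512 enc blowfish \\
authkey file "/root/akey.local3:/root/akey.remote3" \\
enckey file "/root/ekey3:/root/ekey3"
"""

# Ciphers a reviewer would not accept for a new tunnel (lint's own list).
WEAK_CIPHERS = {"blowfish", "cast128", "3des", "des", "null"}
VALUE_KEYWORDS = {"from", "to", "spi", "auth", "enc", "peer"}
KEY_KEYWORDS = {"authkey", "enckey"}


def join_continuations(text):
    """Fold lines ending in a backslash into one logical line; drop blanks/comments."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        logical.append((buf + line).strip())
        buf = ""
    if buf:
        logical.append(buf.strip())
    return [l for l in logical if l and not l.startswith("#")]


def parse_directive(toks):
    """Turn 'esp from A to B spi X:Y ... authkey file L:R' into a dict."""
    fields, i = {}, 1
    while i < len(toks):
        key = toks[i]
        if key in KEY_KEYWORDS:
            # Either 'authkey file LOCAL:REMOTE' or 'authkey LOCAL:REMOTE'.
            if toks[i + 1] == "file":
                fields[key], i = toks[i + 2], i + 3
            else:
                fields[key], i = toks[i + 1], i + 2
        elif key in VALUE_KEYWORDS:
            fields[key], i = toks[i + 1], i + 2
        else:
            i += 1  # protocol word or flag we do not model
    return fields


def parse(text):
    """Return (flows, sas); macro assignments like net1 = ... are skipped."""
    flows, sas = [], []
    for line in join_continuations(text):
        toks = shlex.split(line)
        if toks[0] == "flow":
            flows.append(parse_directive(toks))
        elif toks[0] in ("esp", "ah"):
            sas.append(parse_directive(toks))
    return flows, sas


def lint(text):
    """Return a list of (code, message) findings for the given ipsec.conf text."""
    flows, sas = parse(text)
    findings, spi_users = [], defaultdict(list)
    for sa in sas:
        pair = f"{sa['from']}->{sa['to']}"
        if sa.get("enc", "").lower() in WEAK_CIPHERS:
            findings.append(("WEAK_CIPHER", f"SA {pair} uses enc {sa['enc']}"))
        for k in ("authkey", "enckey"):
            if ":" in sa.get(k, ""):
                local, remote = sa[k].split(":", 1)
                if local == remote:  # one key for both directions
                    findings.append(("SAME_KEY_BOTH_DIRECTIONS", f"SA {pair} {k} {local}"))
        for spi in sa.get("spi", "").split(":"):
            spi_users[spi.lower()].append(pair)
    for spi, users in spi_users.items():
        if len(users) > 1:  # legal (SA is dst+SPI) but a sign of copy-paste
            findings.append(("SPI_REUSE", f"SPI {spi} appears in {', '.join(users)}"))
    # Each outbound SA should back a flow to that peer, and vice versa.
    peers, dsts = {f["peer"] for f in flows if "peer" in f}, {sa["to"] for sa in sas}
    findings += [("FLOW_WITHOUT_SA", f"peer {p}") for p in sorted(peers - dsts)]
    findings += [("SA_WITHOUT_FLOW", f"peer {d}") for d in sorted(dsts - peers)]
    return findings


if __name__ == "__main__":
    for code, msg in lint(SAMPLE_CONF):
        print(f"{code:25} {msg}")
```

Run against the sample it reports six findings: blowfish on both SAs, the shared enckey file on both SAs, and the two SPIs that appear under two different peers; the flow/SA cross-check comes back clean because each flow peer has a matching esp line.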