Hi list. Currently I'm using a simple config to connect two networks over the Internet, ipsec.conf from $net2 side looks like this:
########################
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"

flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \
    auth hmac-sha2-512 enc blowfish \
    authkey file "/root/akey.local:/root/akey.remote" \
    enckey file "/root/ekey:/root/ekey"
########################

Suppose I have a third endpoint on the Internet with public IP z.z.z.z and network 192.168.3.0/24. What is the way to establish an extra tunnel with the third endpoint? I need to be able to reach the $net1 and $net2 networks from $net3, which is 192.168.3.0/24, and vice versa. Is it enough to create a tunnel between $net3 and $net2 to reach $net1 from $net3, or do I need to set up two tunnels on each endpoint? I doubt such a config would work:

########################
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"
net3 = "{ 192.168.3.0/24 }"

flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \
    auth hmac-sha2-512 enc blowfish \
    authkey file "/root/akey.local:/root/akey.remote" \
    enckey file "/root/ekey:/root/ekey"

# second tunnel, to z.z.z.z; note it reuses the SPI pair of the tunnel above
flow esp from $net2 to $net3 peer z.z.z.z
esp from y.y.y.y to z.z.z.z spi 0xdeadbeef:0xbeefdead \
    auth hmac-sha2-512 enc blowfish \
    authkey file "/root/akey.local3:/root/akey.remote3" \
    enckey file "/root/ekey3:/root/ekey3"
########################
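Two things are worth checking mechanically in a manually keyed ipsec.conf like the second one above: whether every pair of networks that should talk is actually covered by some flow's selectors, and whether any two SAs toward the same address share an SPI. The script below is an added example, not code from the post or from OpenBSD; it parses the flow, esp and macro lines of the second config (embedded as a constructed sample) and reports both. It assumes that a flow line without in/out is bidirectional and that an SA is looked up by (destination address, SPI), so the two inbound SAs that both end at y.y.y.y with 0xbeefdead collide while the outbound ones, ending at x.x.x.x and z.z.z.z, do not. The coverage report is only about the config on this page; it does not decide the hub-versus-mesh question by itself, it just shows which network pairs no flow protects.

```python
import re
from ipaddress import ip_network

# Constructed sample: the second ipsec.conf from the post, keys omitted.
SAMPLE_CONF = r'''
net1 = "{ 192.168.1.0/24, 192.168.11.0/24 }"
net2 = "{ 192.168.2.0/24, 192.168.22.0/24, 192.168.33.0/24 }"
net3 = "{ 192.168.3.0/24 }"
flow esp from $net2 to $net1 peer x.x.x.x
esp from y.y.y.y to x.x.x.x spi 0xdeadbeef:0xbeefdead \
    auth hmac-sha2-512 enc blowfish
flow esp from $net2 to $net3 peer z.z.z.z
esp from y.y.y.y to z.z.z.z spi 0xdeadbeef:0xbeefdead \
    auth hmac-sha2-512 enc blowfish
'''


def _join_continuations(text):
    """Join lines ending in a backslash, the way ipsec.conf continuations work."""
    return re.sub(r"\\\n\s*", " ", text)


def _expand(token, macros):
    """Resolve a $macro or a '{ a, b }' list into ip_network objects."""
    if token.startswith("$"):
        token = macros[token[1:]]
    token = token.strip().strip("{}")
    return [ip_network(t.strip()) for t in token.split(",") if t.strip()]


def parse_conf(text):
    """Return (macros, flows, sas). flows: (src_nets, dst_nets, peer);
    sas: (src, dst, spi_out, spi_in or None)."""
    macros, flows, sas = {}, [], []
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^(\w+)\s*=\s*"(.*)"$', line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        m = re.match(r"^flow\s+esp\s+from\s+(\S+)\s+to\s+(\S+)\s+peer\s+(\S+)", line)
        if m:
            flows.append((_expand(m.group(1), macros), _expand(m.group(2), macros), m.group(3)))
            continue
        m = re.match(r"^esp\s+from\s+(\S+)\s+to\s+(\S+)\s+spi\s+(0x[0-9a-fA-F]+)(?::(0x[0-9a-fA-F]+))?", line)
        if m:
            spi_in = int(m.group(4), 16) if m.group(4) else None
            sas.append((m.group(1), m.group(2), int(m.group(3), 16), spi_in))
    return macros, flows, sas


def spi_collisions(sas):
    """Map (destination, SPI) -> list of SA directions that share it, for keys
    used more than once. The second SPI of 'a:b' is the reverse SA (dst -> src)."""
    seen = {}
    for src, dst, spi_out, spi_in in sas:
        seen.setdefault((dst, spi_out), []).append(f"{src}->{dst}")
        if spi_in is not None:
            seen.setdefault((src, spi_in), []).append(f"{dst}->{src}")
    return {k: v for k, v in seen.items() if len(v) > 1}


def _covered(flows, src, dst):
    """True if some flow's selectors cover src -> dst (flows taken as bidirectional)."""
    for a, b, _peer in flows:
        fwd = any(src.subnet_of(n) for n in a) and any(dst.subnet_of(n) for n in b)
        rev = any(src.subnet_of(n) for n in b) and any(dst.subnet_of(n) for n in a)
        if fwd or rev:
            return True
    return False


def coverage_gaps(macros, flows):
    """Ordered (src_macro, dst_macro) pairs where at least one network pair
    has no protecting flow, i.e. traffic would not enter any tunnel."""
    gaps = set()
    names = sorted(macros)
    for a in names:
        for b in names:
            if a == b:
                continue
            pairs = [(s, d) for s in _expand("$" + a, macros) for d in _expand("$" + b, macros)]
            if not all(_covered(flows, s, d) for s, d in pairs):
                gaps.add((a, b))
    return sorted(gaps)


if __name__ == "__main__":
    macros, flows, sas = parse_conf(SAMPLE_CONF)
    print("unprotected network pairs:", coverage_gaps(macros, flows))
    for (dst, spi), dirs in spi_collisions(sas).items():
        print(f"SPI {spi:#x} toward {dst} shared by: {', '.join(dirs)}")
```

Run against the sample it reports that nothing protects net1 to net3 traffic in either direction (neither tunnel's selectors include the far network) and that the inbound SPI 0xbeefdead toward y.y.y.y is claimed by both peers; giving each peer its own SPI pair removes the second finding, and adding the far networks to the selectors on both tunnels (with routing at y.y.y.y) or a direct net1/net3 tunnel removes the first.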