Support Requests item #708144, was opened at 2003-03-22 16:03
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=708144&group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Multiple VPNs through same interface?

Initial Comment:
I've been using Bering 1.0.2 for several weeks to 
maintain a VPN between two of our sites.  All has been 
working well.

This week I needed to add a new site and installed a 
Leaf firewall at the new location.  

At our main location we're using net 10.1.0.0/24 and 
have a VPN established to 10.12.0.0/24.  I want to add an 
additional VPN to 10.11.0.0/24 at the new location.

I already have a conn section of ipsec.conf for our first 
site, so I've added a second configured similarly (after 
generating a host key).  Upon restarting the firewall at 
our main location I'm starting both VPNs using:

ipsec auto --up loc1
ipsec auto --up loc2

Establishing each of the VPN connections seems to 
take a little longer than normal and lists a retry is 
needed to establish the connections.  Information 
indicating the SA has been established does appear 
after the retry delay.  Using "ipsec look" I'm seeing that 
both VPNs are set up via ipsec0.  ip route also indicates 
both VPNed nets are using ipsec0.

This doesn't seem correct.  Unfortunately it's the 
weekend and the two remote sites are closed.  I can't 
verify if my connections are good as I can't verify if any 
hosts behind the VPNs are powered up.  

Is it normal to have multiple VPNs on the same 
interface?  I can't seem to locate docs indicating the 
proper method of setting up multiple VPNs using 
Freeswan/Leaf.  

Thanks!
Bob

My ipsec.conf is included below:

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search
        
conn %default
        type=tunnel
        keyexchange=ike
        keylife=8h
        keyingtries=0
        authby=rsasig
        disablearrivalcheck=no  
        pfs=yes

conn loc1
        left=199.224.108.210
        leftsubnet=10.1.0.0/24
        leftnexthop=199.224.108.14
        right=66.202.70.89
        rightsubnet=10.12.0.0/24
        rightnexthop=66.202.70.88
        auto=add
        leftrsasigkey=(removed for posting purposes)
        rightrsasigkey=(removed for posting purposes)

conn loc2
        left=199.224.108.210
        leftsubnet=10.1.0.0/24
        leftnexthop=199.224.108.14
        right=64.65.218.107
        rightsubnet=10.11.0.0/24
        rightnexthop=66.65.218.1
        auto=add
        leftrsasigkey=(removed for posting purposes)
        rightrsasigkey=(removed for posting purposes)




