wobblytickle (n00b; Joined: 08 Feb 2003; Posts: 26)
Posted: Fri Dec 01, 2006 4:51 pm
Post subject: OpenSWAN net to net where 1 concentrator is a road warrior?
Is the above possible?
My folks have finally got broadband, but due to complications they're with an ISP that won't assign them a static IP. They've got an old Redhat gateway I built about 5 years ago that originally protected their wireless and wired computers, did squid, named etc., and also their dial-up. Now that they have a proper connection I'm building them a new gentoo box and would like to do OpenSWAN between them and me.
Will I be able to do a net to net tunnel even though their public IP is likely to change? I appreciate that computers in my net won't be able to see computers in their net until their concentrator has authenticated with mine, but is it even possible?
wobblytickle (n00b; Joined: 08 Feb 2003; Posts: 26)
Posted: Tue Dec 05, 2006 9:51 pm
Just to follow on in case someone else finds this useful. A good starter was the road-warrior configuration on the OpenSWAN wiki. Just to refresh you, this is what things used to look like:
This was the code I was testing with for the above problem. In original testing I'd assigned their new box a static address in my public address space, and all was well:
Code:
#
# Tunnel details from my_house to my_folks.
# Both ends on fixed addresses here; parameter lines under "conn" must be
# indented, and the left*/right* values must be identical on both gateways.
#
conn my_house-my_folks
    left=MY_GATEWAY_IP
    leftsubnet=10.6.0.0/16
    leftsourceip=10.6.0.1
    leftid=@my_gateway.mydomain.com
    leftrsasigkey=blabla
    right=THEIR_GATEWAY_IP
    rightsubnet=10.7.0.0/16
    rightsourceip=10.7.0.1
    rightid=@their_gateway.mydomain.com
    rightrsasigkey=foofoo
    # peers are authenticated by RSA signature against the *rsasigkey above
    authby=rsasig
    auto=add
    compress=yes
And it works, and everyone is happy, were it not for their ISP who won't let them have a static IP. Testing so far says that this will work, but I'm not going to know till I get there at Christmas and I'm behind their router. Anyway, I'm trying this now. This is the tweaked road-warrior configuration but with the subnet definitions. I looked all over and didn't find an example of this outright, so I hope it's useful.
On MY_GATEWAY:
Code:
# On MY_GATEWAY (static address): the peer's address is not known in
# advance, so accept it from anywhere (right=%any) and identify it by
# rightid plus its RSA key rather than by IP.
conn my_house-my_folks
    left=MY_GATEWAY_IP
    leftsubnet=10.6.0.0/16
    leftsourceip=10.6.0.1
    # must be exactly the leftid THEIR_GATEWAY uses for this end
    leftid=@my_gateway.mydomain.com
    leftrsasigkey=blabla
    right=%any
    rightsubnet=10.7.0.0/16
    rightsourceip=10.7.0.1
    rightid=@their_gateway.mydomain.com
    rightrsasigkey=foofoo
    authby=rsasig
    # this end cannot initiate towards %any; it only responds to the peer
    auto=add
    compress=yes
On THEIR_GATEWAY:
Code:
# On THEIR_GATEWAY (dynamic address): use whatever address the default
# route currently has, and be the end that initiates the tunnel.
# If this box sits behind their router (NAT), Pluto also needs
# nat_traversal=yes in the "config setup" section.
conn my_house-my_folks
    left=MY_GATEWAY_IP
    leftsubnet=10.6.0.0/16
    leftsourceip=10.6.0.1
    leftid=@my_gateway.mydomain.com
    leftrsasigkey=blabla
    right=%defaultroute
    rightsubnet=10.7.0.0/16
    rightsourceip=10.7.0.1
    rightid=@their_gateway.mydomain.com
    rightrsasigkey=foofoo
    authby=rsasig
    # with auto=add the tunnel only comes up after
    # "ipsec auto --up my_house-my_folks"; auto=start initiates at startup
    auto=add
    compress=yes
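The configuration above only works if the left*/right* identities, keys and subnets agree byte for byte on both gateways, and if the roles are the right way round (the static end accepts %any and waits, the roaming end initiates). As an added example, not code from the post or from Openswan, here is a small Python checker that parses the conn sections of two ipsec.conf fragments (one per gateway) and reports the mismatches that make Pluto reject the peer or leave the tunnel down. The two fragments embedded below are constructed from the post's layout; the static side's leftid is deliberately different from the dynamic side's (the kind of copy or anonymisation slip that shows up in the logs as an ID mismatch), and the comment handling is a simplification of ipsec.conf's rules.

```python
"""Cross-check the two ends of an Openswan net-to-net conn where one end
is a road warrior.  Added example, not the post's or Openswan's code."""
import re

# Constructed sample inputs modelled on the post's fragments.  leftid is
# different on the two ends on purpose so the checker has something to find.
STATIC_GATEWAY_CONF = """\
conn my_house-my_folks
    left=MY_GATEWAY_IP
    leftsubnet=10.6.0.0/16
    leftsourceip=10.6.0.1
    leftid=@homer.example.org
    leftrsasigkey=blabla
    right=%any
    rightsubnet=10.7.0.0/16
    rightsourceip=10.7.0.1
    rightid=@their_gateway.mydomain.com
    rightrsasigkey=foofoo
    authby=rsasig
    auto=add
    compress=yes
"""

DYNAMIC_GATEWAY_CONF = """\
conn my_house-my_folks
    left=MY_GATEWAY_IP
    leftsubnet=10.6.0.0/16
    leftsourceip=10.6.0.1
    leftid=@my_gateway.mydomain.com
    leftrsasigkey=blabla
    right=%defaultroute
    rightsubnet=10.7.0.0/16
    rightsourceip=10.7.0.1
    rightid=@their_gateway.mydomain.com
    rightrsasigkey=foofoo
    authby=rsasig
    auto=add
    compress=yes
"""

CONN_RE = re.compile(r"^conn\s+(\S+)\s*$")


def parse_conns(text):
    """Return {conn_name: {param: value}} for every conn section.
    Simplified parser: '#' starts a comment anywhere on a line, and every
    key=value line is attributed to the most recent 'conn' header."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = CONN_RE.match(line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.strip().partition("=")
        current[key.strip()] = value.strip()
    return conns


# Parameters that must be identical on both ends: identities, public keys,
# the protected subnets and the authentication method.
MUST_MATCH = ("leftid", "leftrsasigkey", "leftsubnet",
              "rightid", "rightrsasigkey", "rightsubnet", "authby")


def check_conn(static_conf, dynamic_conf, name):
    """Compare conn `name` as seen by the static ('left') gateway with the
    same conn as seen by the roaming ('right') gateway.
    Returns a list of (severity, message) tuples, empty when all is well."""
    s = parse_conns(static_conf).get(name, {})
    d = parse_conns(dynamic_conf).get(name, {})
    if not s or not d:
        return [("error", f"conn {name} is missing on one side")]
    findings = []
    for p in MUST_MATCH:
        if s.get(p) != d.get(p):
            findings.append(("error", f"{p} differs: static={s.get(p)!r} dynamic={d.get(p)!r}"))
    # The static end does not know the peer's address: it must accept %any and
    # identify the peer by rightid, which therefore cannot be an address.
    if s.get("right") != "%any":
        findings.append(("error", "static side should use right=%any for a roaming peer"))
    if not s.get("rightid", "").startswith("@"):
        findings.append(("error", "static side needs an address-independent rightid (@fqdn)"))
    # Pluto cannot initiate towards %any, so only the roaming end can bring
    # the tunnel up; auto=start belongs there, not on the static end.
    if s.get("auto") == "start":
        findings.append(("error", "static side cannot auto=start towards %any; use auto=add"))
    if d.get("right") != "%defaultroute":
        findings.append(("warning", "dynamic side usually wants right=%defaultroute"))
    if d.get("auto") != "start":
        findings.append(("warning", f"dynamic side has auto={d.get('auto')}; the tunnel only "
                                    f"comes up after 'ipsec auto --up {name}'"))
    return findings


if __name__ == "__main__":
    for severity, message in check_conn(STATIC_GATEWAY_CONF, DYNAMIC_GATEWAY_CONF,
                                        "my_house-my_folks"):
        print(f"{severity}: {message}")
```

Run against the constructed pair it reports the leftid mismatch as an error and, because both ends have auto=add, a warning that nothing will initiate the tunnel until `ipsec auto --up` is run on the roaming end. Replacing the static side's leftid with the dynamic side's value leaves only that warning.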