Injecting multiple networks into a VPN tunnel

We run a number of IPsec tunnels on Ubuntu Linux with Openswan. Here is the typical configuration for one site:

conn L2TP-PSK-noNAT-test
        authby=secret
        pfs=yes
        auto=start
        keyingtries=3
        rekey=yes
        # LEFT: Remote Side
        left=public.ip
        leftsubnet=10.72.19.0/24
        leftsourceip=10.72.19.1
        # RIGHT: me
        right=openswan.public.ip
        rightsubnet=10.13.0.0/16
        rightsourceip=openswan.private.ip

As you can see, we route 10.13.0.0/16 over the VPN tunnel (rightsubnet). This works fine, but what if you want to inject one more network, say 192.168.0.0/24? You might expect to simply list both subnets:

rightsubnet=10.13.0.0/16,192.168.0.0/24

Openswan does not accept that. rightsubnet takes exactly one subnet, because each IPsec SA (phase 2) is negotiated for a single pair of traffic selectors; a second subnet therefore needs a second SA, which in Openswan means a second conn.

Here is how to inject another network into the tunnel: one conn per subnet, each carrying only its own rightsubnet and pulling every other setting from a shared section with also=:

conn L2TP-PSK-noNAT-test-192.168
        rightsubnet=192.168.0.0/24
        also=L2TP-PSK-noNAT-test

conn L2TP-PSK-noNAT-test-10.13
        rightsubnet=10.13.0.0/16
        also=L2TP-PSK-noNAT-test

conn L2TP-PSK-noNAT-test
        authby=secret
        pfs=yes
        auto=start
        keyingtries=3
        rekey=yes
        # LEFT: Remote Side
        left=public.ip
        leftsubnet=10.72.19.0/24
        leftsourceip=10.72.19.1
        # RIGHT: me
        right=openswan.public.ip
        rightsourceip=openswan.private.ip

Note that rightsubnet was removed from conn L2TP-PSK-noNAT-test, and that the shared section now comes after the two sections that reference it: Openswan requires an also= target to be defined later in the file than the section that includes it. Since every parameter of the shared section (including auto=start) is copied into each child, both tunnels start automatically. Each child conn negotiates its own IPsec SA, so the remote side needs a matching policy for each subnet pair (10.72.19.0/24 to 10.13.0.0/16 and 10.72.19.0/24 to 192.168.0.0/24); verify with ipsec auto --status that both SAs are established, not just the first.
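The layout above is easy to get wrong in two ways: listing several subnets in one rightsubnet=, or placing the shared section before the conns that reference it with also=. The following is an added example, not code from the original post or from the Openswan project: a small Python helper that renders one conn per local subnet plus the shared template in the required order, and lints an ipsec.conf fragment for those two mistakes as well as for overlapping subnets. The template values, peer addresses (RFC 5737 documentation ranges) and the helper names are assumptions made for the example.

```python
"""Render and lint Openswan ipsec.conf conn sections that carry several local
subnets over one tunnel: one conn per subnet, shared settings via also=.
Added example, not from the original post or the Openswan project."""
import ipaddress
import re

# Constructed template modelled on the post's conn; the public IPs are
# RFC 5737 documentation addresses, not real peers.
TEMPLATE_PARAMS = [
    ("authby", "secret"),
    ("pfs", "yes"),
    ("auto", "start"),
    ("keyingtries", "3"),
    ("rekey", "yes"),
    ("left", "203.0.113.10"),        # remote side (constructed)
    ("leftsubnet", "10.72.19.0/24"),
    ("leftsourceip", "10.72.19.1"),
    ("right", "198.51.100.20"),      # this host (constructed)
    ("rightsourceip", "10.13.0.1"),
]

# Constructed: the shape one would expect to work, which Openswan rejects.
COMMA_ATTEMPT = """\
conn L2TP-PSK-noNAT-test
        rightsubnet=10.13.0.0/16,192.168.0.0/24
        also=shared
conn shared
        left=203.0.113.10
"""

_SECTION = re.compile(r"^conn\s+(\S+)\s*$")
_PARAM = re.compile(r"^\s+([A-Za-z]+)\s*=\s*(.*?)\s*$")


def render_conns(base, template_params, right_subnets):
    """One child conn per local subnet, each adding only rightsubnet= and
    also=. The shared section goes last because Openswan requires the also=
    target to follow the sections that use it, and it carries no rightsubnet
    so that each child supplies exactly one traffic selector (one IPsec SA)."""
    out = []
    for net in right_subnets:
        tag = str(ipaddress.ip_network(net)).replace("/", "_")
        out += [f"conn {base}-{tag}", f"        rightsubnet={net}",
                f"        also={base}", ""]
    out.append(f"conn {base}")
    out += [f"        {k}={v}" for k, v in template_params if k != "rightsubnet"]
    return "\n".join(out) + "\n"


def parse_conns(text):
    """Return the conn sections in file order as (name, {param: value}) pairs."""
    conns, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and blank lines
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = (m.group(1), {})
            conns.append(current)
        elif not line[0].isspace():            # e.g. "config setup": not a conn
            current = None
        else:
            m = _PARAM.match(line)
            if m and current is not None:
                current[1][m.group(1)] = m.group(2)
    return conns


def lint(text):
    """Return the problems found in the multi-subnet layout (empty when clean)."""
    conns = parse_conns(text)
    order = {name: i for i, (name, _) in enumerate(conns)}
    params = dict(conns)
    problems, selectors = [], []
    for i, (name, p) in enumerate(conns):
        target = p.get("also")
        if target is not None:
            if target not in params:
                problems.append(f"{name}: also={target} names a missing section")
            else:
                if order[target] < i:
                    problems.append(f"{name}: also={target} must be defined later in the file")
                if "rightsubnet" in params[target]:
                    problems.append(f"{name}: shared section {target} must not set rightsubnet")
                if "rightsubnet" not in p:
                    problems.append(f"{name}: child conn sets no rightsubnet")
        sub = p.get("rightsubnet")
        if sub is None:
            continue
        try:
            net = ipaddress.ip_network(sub)
        except ValueError:
            problems.append(f"{name}: rightsubnet={sub} is not a valid single CIDR "
                            "(Openswan takes one subnet per conn)")
            continue
        for other_name, other in selectors:   # overlapping selectors are ambiguous
            if net.overlaps(other):
                problems.append(f"{name}: rightsubnet {net} overlaps {other} in {other_name}")
        selectors.append((name, net))
    return problems


if __name__ == "__main__":
    good = render_conns("L2TP-PSK-noNAT-test", TEMPLATE_PARAMS,
                        ["10.13.0.0/16", "192.168.0.0/24"])
    print(good)
    print("rendered fragment:", lint(good) or "ok")
    print("comma attempt:", lint(COMMA_ATTEMPT))
```

Run it as a script to print a ready-to-paste fragment; feed an existing fragment to lint() before reloading Openswan to catch a misordered also= or a comma-separated rightsubnet, both of which otherwise only show up as a tunnel that never comes up.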
