Injecting multiple networks into a VPN tunnel

We have a number of IPsec tunnels running on Ubuntu Linux with Openswan. Here is the typical ipsec.conf conn section for a site (left is the remote side, right is the Openswan host):

  conn L2TP-PSK-noNAT-test
          authby=secret
          pfs=yes
          auto=start
          keyingtries=3
          rekey=yes
          # LEFT: Remote Side
          left=public.ip
          leftsubnet=10.72.19.0/24
          leftsourceip=10.72.19.1
          # RIGHT: me
          right=openswan.public.ip
          rightsubnet=10.13.0.0/16
          rightsourceip=openswan.private.ip

As you can see, 10.13.0.0/16 is routed over the VPN tunnel (rightsubnet). That works fine, but what if you want to inject one more network, for example 192.168.0.0/24? You might expect to write something like:

  rightsubnet=10.13.0.0/16,192.168.0.0/24

Openswan does not accept that: rightsubnet takes a single subnet, because a conn describes one leftsubnet/rightsubnet selector pair and each pair is negotiated as its own IPsec SA. (Later Openswan releases and Libreswan also offer leftsubnets=/rightsubnets= with a brace-delimited list, which they expand into separate conns internally; if your version has them, they are the shorter route.) With plain rightsubnet, the way to inject another network is to define one conn per subnet and pull the shared settings in from a common template with also=:

  conn L2TP-PSK-noNAT-test-192.168
          rightsubnet=192.168.0.0/24
          also=L2TP-PSK-noNAT-test

  conn L2TP-PSK-noNAT-test-10.13
          rightsubnet=10.13.0.0/16
          also=L2TP-PSK-noNAT-test

  conn L2TP-PSK-noNAT-test
          authby=secret
          pfs=yes
          auto=start
          keyingtries=3
          rekey=yes
          # LEFT: Remote Side
          left=public.ip
          leftsubnet=10.72.19.0/24
          leftsourceip=10.72.19.1
          # RIGHT: me
          right=openswan.public.ip
          rightsourceip=openswan.private.ip

Note that rightsubnet was removed from conn L2TP-PSK-noNAT-test, which now serves only as a template: each derived conn supplies its own rightsubnet and inherits everything else, including the endpoints, the PSK (authby=secret) and auto=start, so both tunnels are brought up when pluto starts. Two things are worth checking. The template itself still has auto=start and no rightsubnet, so pluto also loads it as a host-to-subnet conn (openswan.public.ip alone to 10.72.19.0/24) and tries to negotiate it; if that tunnel is not wanted, give the template auto=ignore and set auto=start in each derived conn instead, since a conn's own setting takes precedence over one pulled in through also=. And the remote side must carry matching policies for both subnet pairs, or the second tunnel will fail to negotiate; both tunnels use the same peer and the same PSK, only the traffic selectors differ. After ipsec auto --add and --up (or a restart), ipsec auto --status should show both derived conns established and ip xfrm policy should list a separate policy for each subnet pair.
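As an added example (not from the original post and not Openswan's own code), the following Python script parses the split configuration above, expands the also= references, and reports the effective leftsubnet/rightsubnet and auto= of every conn, flagging a template that would be negotiated as a host-to-subnet tunnel and any two live conns whose rightsubnets overlap. The embedded configuration is a constructed copy of the one above with the post's placeholder host names kept. The checker assumes that a conn's own setting overrides one included through also=, that a missing leftsubnet/rightsubnet means the endpoint itself, and that auto= defaults to ignore; it understands only the subset of ipsec.conf syntax used in this post.

```python
"""Resolve also= in an Openswan-style ipsec.conf and report each conn's
effective selectors. Added example for this post, not Openswan code; it
covers only the conn syntax used above. Assumptions: a conn's own setting
overrides one included through also=, a missing leftsubnet or rightsubnet
means the endpoint itself, and auto= defaults to ignore."""
import ipaddress
import re

# Constructed copy of the split configuration from the post; the placeholder
# host names (public.ip, openswan.public.ip, ...) are kept as they appear.
SAMPLE_CONF = """
conn L2TP-PSK-noNAT-test-192.168
        rightsubnet=192.168.0.0/24
        also=L2TP-PSK-noNAT-test
conn L2TP-PSK-noNAT-test-10.13
        rightsubnet=10.13.0.0/16
        also=L2TP-PSK-noNAT-test
conn L2TP-PSK-noNAT-test
        authby=secret
        pfs=yes
        auto=start
        keyingtries=3
        rekey=yes
        # LEFT: Remote Side
        left=public.ip
        leftsubnet=10.72.19.0/24
        leftsourceip=10.72.19.1
        # RIGHT: me
        right=openswan.public.ip
        rightsourceip=openswan.private.ip
"""

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} in file order."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        header = re.match(r"^conn\s+(\S+)\s*$", line)
        if header:
            current = header.group(1)
            conns[current] = []
            continue
        if current is None or not line[0].isspace():
            raise ValueError(f"line outside a conn section: {raw!r}")
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        conns[current].append((key.strip(), value.strip()))
    return conns

def resolve(name, conns, _chain=()):
    """Effective key/value map of conn NAME with also= expanded recursively."""
    if name in _chain:
        raise ValueError("also= cycle: " + " -> ".join(_chain + (name,)))
    own, inherited = {}, {}
    for key, value in conns[name]:                    # KeyError if undefined
        if key == "also":
            for k, v in resolve(value, conns, _chain + (name,)).items():
                inherited.setdefault(k, v)            # first also= wins
        else:
            own[key] = value
    return {**inherited, **own}                       # own keys override (assumption)

def effective_policy(conns):
    """Per conn: auto= mode and selector pair; None = the endpoint itself."""
    policy = {}
    for name in conns:
        p = resolve(name, conns)
        policy[name] = {"auto": p.get("auto", "ignore"),
                        "leftsubnet": p.get("leftsubnet"),
                        "rightsubnet": p.get("rightsubnet")}
    return policy

def check(conns):
    """Warnings worth reading before `ipsec auto --add` / `--up`."""
    warnings, policy = [], effective_policy(conns)
    for name, p in policy.items():
        if p["auto"] != "ignore" and p["rightsubnet"] is None:
            warnings.append((name, f"auto={p['auto']} but no rightsubnet: pluto would "
                             "negotiate a host-to-subnet tunnel; use auto=ignore for a template"))
    live = [(n, p) for n, p in policy.items()
            if p["auto"] != "ignore" and p["rightsubnet"]]
    for i, (n1, p1) in enumerate(live):               # overlapping selectors = duplicate policy
        for n2, p2 in live[i + 1:]:
            a = ipaddress.ip_network(p1["rightsubnet"], strict=False)
            b = ipaddress.ip_network(p2["rightsubnet"], strict=False)
            if a.overlaps(b):
                warnings.append((n1, f"rightsubnet {a} overlaps {n2} ({b})"))
    return warnings

if __name__ == "__main__":
    conns = parse_conns(SAMPLE_CONF)
    for name, p in effective_policy(conns).items():
        print(name, p["leftsubnet"] or "host", "<->", p["rightsubnet"] or "host", p["auto"])
    for name, msg in check(conns):
        print("WARNING", name + ":", msg)
```

Run against the configuration above it lists both derived conns with the full selector pair inherited from the template and warns only about the template conn, which still carries auto=start without a rightsubnet; moving auto=start into the derived conns and giving the template auto=ignore makes the warning go away.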
