[Shorewall-users] Two VPN connections (IPSEC)

M Lu mlu919 at hotmail.com
Wed Jun 4 01:10:05 PDT 2003


Hi,

Tom just helped me on this issue a couple of days ago.

This is what I do when I have 2 tunnels (subnet-subnet) to one site. You 
have 2 tunnels to 2 sites but should be similar

/etc/shorewall/tunnels
ipsec   net    64.128.24.x   vpn,vpn2
# You may need 2 lines here (each for diffrent remote IP)



in /etc/shorewal/interfaces
-       ipsec0


in /etc/shorewall/hosts

vpn     ipsec0:192.168.15.0/24
vpn2    ipsec0:192.168.22.0/24

and the corresponding rules and policy for vpn, vpn2 and your network.


I hope that helps.

M Lu.



>From: Phil Foxton <phil.foxton at intelligent-ms.com>
>To: shorewall-users at lists.shorewall.net
>Subject: [Shorewall-users] Two VPN connections (IPSEC)
>Date: 03 Jun 2003 16:57:11 +0100
>
>Hi,
>
>I currently have a good setup running shorewall to protect my network at
>home, and it works fine if I just want to have a tunnel to one site
>(lets call it Challenge) but if I add a tunnel to another site (lets
>call it Stony), the tunnel comes up ok (I can see from ipsec look that
>the tunnels are there) but I cannot pass any traffic over them, even
>though I can send traffic over the original tunnel. Any ideas?
>
>RGDS
>
>Phil
>--
>Phil Foxton <phil.foxton at intelligent-ms.com>
>Intelligent Maintenance Systems Ltd
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users at lists.shorewall.net
>Subscribe/Unsubscribe: 
>http://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail



More information about the Shorewall-users mailing list