[Shorewall-users] IPSEC tunnel hub

Jorge Molina jmolina at it-solutions.com.ar
Mon Jun 16 06:10:01 PDT 2003


Hi Tom. Sorry to bother you again with this but I don't want to let this 
ipsec thing die here... I already read the new ipsec configuration with a 
tunnel hub and that is what I want to do.

Ok, my final goal is to do a complete tunnel hub between 3 networks, but 
for now, it is ok with only 2. My setup:

Host A: Central gateway
NET: eth0:200.x.x.1
LOC: dummy0:192.168.200.1/16

Host B:
NET: eth1:24.x.x.1
LOC: eth0:192.168.7.0/24

Host C:
NET: eth1:24.x.x.2
LOC: eth0:192.168.9.0/24

Before I start dumping my configuration files, I must say that the ipsec is 
working just fine and I can ping from a computer *inside* the host B to 
the ip address at dummy0 for the host A.

HOST A:
params:
LOC_IF=dummy0
NET_IF=eth0
NET_OPTIONS=blacklist,tcpflags,routefilter,norfc1918,dropunclean
VPN_IF=ipsec0

zones:
loc     Local   Local
net     Net     Internet 
vpn1    VPN1    Remote host 1

interfaces:
loc     $LOC_IF
net     $NET_IF -       $NET_OPTIONS
-       $VPN_IF

tunnels:
ipsec   net     24.x.x.1

hosts:
vpn1    ipsec0:192.168.7.0/24

HOST B:


-- EOM

Saludos/Regards,
Jorge Molina.
Buenos Aires - Argentina (GMT-3).

