From: Stephen J. Bevan (stephen_at_dino.dnsalias.com)
Date: Wed Nov 27 2002 - 07:17:27 CET
Luis Enrique Cutillas writes:
> Is this configuration possible?
>
> netB - gwB
>            \
> netC - gwC - internet - gwA - netA
>
> where gwB and gwC have dynamic IP address
> and gwA has a static IP address (only one)
>
> And computers in netB communicate with computers in netA (for example)
Yes, it is possible; in fact it is a fairly straightforward setup. The
wrinkle is that since gwB and gwC have dynamic IPs then for reliable
netB<->netA connection you are going to need some additional mechanism
outside of IPsec to deal with re-establishing the secure connection should
the IP address of either gwB or gwC change (some commercial IPsec
products take care of this but with FreeS/WAN you'll need to do it
yourself).
> I don't know how to deal with the interface in gwA.
> I would like to use "ipsec0=eth0 ipsec1=eth0" but this is not possible.
Why would you like to do that? One reason would be if gwA was
multi-homed and you want to talk to gwB via one interface and gwC via a
different interface, but you note that gwA only has one address. In
that case you can use the same ipsec/eth combination to talk to both gwB
and gwC, i.e. just set up ipsec0/eth0 and use that for both.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
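
One way to build the "additional mechanism outside of IPsec" that the reply mentions, as an added example that is not part of the original message or of FreeS/WAN: a script for gwB or gwC that restarts IPsec when the external address changes. The interface name, the state-file path, the script name and the use of `ipsec setup restart` with an `auto=start` conn are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Run on gwB/gwC, e.g. from cron:
#   ipsec-ipwatch.sh run
# IFACE, STATE and the script name are hypothetical; adjust to the gateway.
IFACE="${IFACE:-eth0}"
STATE="${STATE:-/var/run/ipsec-last-ip}"

# Extract the first IPv4 address from `ip -4 -o addr show` output on stdin.
parse_ip() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

current_ip() { ip -4 -o addr show dev "$IFACE" 2>/dev/null | parse_ip; }

# Accept only a dotted quad, so empty or garbled output never triggers a restart.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# $1 = current address, $2 = last recorded address; prints noop, init or restart.
decide() {
    if ! is_ipv4 "$1"; then echo noop        # link down: leave the tunnel alone
    elif [ -z "$2" ]; then echo init         # first run: just record the address
    elif [ "$1" != "$2" ]; then echo restart
    else echo noop
    fi
}

# Assumption: the conn to gwA is marked auto=start, so a restart re-initiates it.
restart_tunnel() { ipsec setup restart; }

check_once() {
    cur=$(current_ip)
    old=$(cat "$STATE" 2>/dev/null || true)
    action=$(decide "$cur" "$old")
    case "$action" in
        init)    printf '%s\n' "$cur" > "$STATE" ;;
        # Record the new address only if the restart succeeded, so a failure is retried.
        restart) restart_tunnel && printf '%s\n' "$cur" > "$STATE" ;;
    esac
    echo "$action"
}

if [ "${1:-}" = "run" ]; then check_once; fi
```
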