Route-based VPN in strongSwan – the same remote subnets

Topology

All companies have the same subnet.

I want to run route-based IPsec.

ipsec.conf

# conn names cannot contain spaces, and parameter lines must be indented
conn companyA
    authby=secret
    ike=3des-sha1-modp1024   # legacy proposal; prefer AES-GCM/SHA2/ECP where both ends allow
    esp=3des-sha1
    left=X.X.X.X
    leftsubnet=10.0.10.0/24
    leftfirewall=yes
    right=A.A.A.A
    rightsubnet=192.168.0.0/24
    auto=route
    mark=10                  # must equal the "key" of the matching VTI interface

conn companyB
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-sha1
    left=X.X.X.X
    leftsubnet=10.0.20.0/24
    leftfirewall=yes
    right=B.B.B.B
    rightsubnet=192.168.0.0/24
    auto=route
    mark=20

conn companyC
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-sha1
    left=X.X.X.X
    leftsubnet=10.0.30.0/24
    leftfirewall=yes
    right=C.C.C.C
    rightsubnet=192.168.0.0/24
    auto=route
    mark=30

I assume that now i need to run the tunnels like this:

ip tunnel add ipsec1 local  X.X.X.X remote A.A.A.A mode vti key 10
ip tunnel add ipsec2 local  X.X.X.X remote B.B.B.B mode vti key 20
ip tunnel add ipsec3 local  X.X.X.X remote C.C.C.C mode vti key 30

Now, do I need to mark packets using iptables? If yes, how do I do it?
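The setup the post is asking about, as an added example that is not part of the original post: with VTI interfaces no iptables marking is needed, because the VTI device itself attaches its key as the fwmark on the way out (and requires it on the way in), which is exactly what strongSwan's per-conn mark= policies match. What remains is choosing the right VTI for each packet, and since all three remote subnets are 192.168.0.0/24 that choice has to be made on the source subnet with policy routing. The script reuses the post's placeholders (X.X.X.X, A.A.A.A, B.B.B.B, C.C.C.C), its interface names and its mark values; the routing table ids, the rule preferences and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: one VTI per company, with
# traffic steered into the right VTI by *source* subnet via policy routing.
# No iptables marking is needed: the VTI device attaches its key as the
# fwmark, which is what strongSwan's per-conn "mark=" policies match on.
# Placeholders X.X.X.X / A.A.A.A / B.B.B.B / C.C.C.C are the post's own.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 executes them (root).

LOCAL_IP="${LOCAL_IP:-X.X.X.X}"
REMOTE_NET="192.168.0.0/24"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_vti NAME PEER KEY LOCAL_SUBNET
# KEY is reused three ways: VTI key, strongSwan mark=, and routing table id
# (the table id and the rule preference 1000+KEY are this example's choice).
setup_vti() {
    name=$1; peer=$2; key=$3; lsubnet=$4
    run ip tunnel add "$name" local "$LOCAL_IP" remote "$peer" mode vti key "$key"
    # Decrypted packets arriving on the VTI already matched the marked IPsec
    # policy; skip the second (unmarked) policy check or they get dropped.
    run sysctl -q -w "net.ipv4.conf.$name.disable_policy=1"
    run ip link set "$name" up
    # Per-company table: the shared remote prefix lives only behind this VTI...
    run ip route add "$REMOTE_NET" dev "$name" table "$key"
    # ...and only sources in this company's local subnet consult that table.
    run ip rule add from "$lsubnet" to "$REMOTE_NET" lookup "$key" pref "$((1000 + $key))"
}

setup_all() {
    setup_vti ipsec1 A.A.A.A 10 10.0.10.0/24
    setup_vti ipsec2 B.B.B.B 20 10.0.20.0/24
    setup_vti ipsec3 C.C.C.C 30 10.0.30.0/24
}

# Print the plan by default; "./vti-setup.sh apply" runs it for real.
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
fi
setup_all
```

Two things to check alongside this: strongSwan's route-based VPN documentation recommends charon.install_routes = no in strongswan.conf, otherwise charon installs its own routes for each rightsubnet in table 220 and the three identical 192.168.0.0/24 routes fight each other; and the overlapping rightsubnet values are fine in the kernel only because each conn carries a different mark, so the three policies are distinct even though their selectors are the same.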
