Hi Paul,<br><br>Thanks a ton for the response. I seem to have gotten this to work but had to add a leftnexthop value to the conn declaration. Should I need this or am I doing something wrong?<br><br>Also, when I do this, it adds a route to my inside network via my outside interface but for some reason it still seems to work. Is this normal or is there another way to do this?<br>
<br>Also, what exactly does the passthrough tunnel do other than add a route?<br><br>host - 10.11.11.100 -----VPN eth1 10.11.11.1 - eth0 172.16.1.2 ----gw 172.16.1.1<br>
<br>I added the following pass-through:<br><br># my local range is <a href="http://10.11.11.0/24" target="_blank">10.11.11.0/24</a><br>conn pass-local<br> left=172.16.1.2<br> leftsubnet=<a href="http://10.11.11.0/24" target="_blank">10.11.11.0/24</a><br>
leftnexthop=172.16.1.1 <-------------------I can't get it to start w/o this<br> right=0.0.0.0<br> rightsubnet=<a href="http://10.11.11.0/24" target="_blank">10.11.11.0/24</a><br> authby=never<br>
type=passthrough<br>
auto=route<br><br>This adds a route for my private subnet via eth0 but the actual network is reachable via eth1.<br><br>Thanks!<br><br>Robyn<br><br><br><div class="gmail_quote">On Sat, Dec 19, 2009 at 10:31 AM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>On Fri, 18 Dec 2009, Robyn Orosz wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I need to connect to a device that is attached to several remote networks within the <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a> range. Rather<br>
than creating several tunnels I just summarized the remote subnet as <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>. The problem is that this<br>
includes my own local subnet so when locally connected hosts attempt to access the VPN device at 10.11.11.1,<br>
they are unable to as it appears that this traffic gets redirected onto the tunnel.<br>
</blockquote>
<br></div>
It's a problem with NETKEY only, not KLIPS. On NETKEY you need to add a "passthrough"<br>
for anything that is local:<br>
<br>
# my local range is <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a><br>
conn pass-local<br>
left=yourip<br>
leftsubnet=10.0.0.0/24<br>
right=0.0.0.0<br>
rightsubnet=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a><br>
authby=never<br>
type=passthrough<br>
auto=route<br>
<br>
</blockquote></div><br>
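The thread above turns on one point: a tunnel whose remote selector is the whole 10.0.0.0/8 also matches the local 10.11.11.0/24, so local traffic is pulled into the tunnel unless a more specific passthrough policy exists. The following script is an added example (not code from the thread or from Openswan) that models that selector lookup so the effect can be checked before touching ipsec.conf. It assumes a simplified "most specific selector pair wins" rule, which is an approximation of how the kernel's policy priorities behave and not a description of the real XFRM lookup; the policy table and hosts are constructed from the addresses in the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed policy table mirroring the conns discussed in the thread:
# a summarised tunnel to 10.0.0.0/8 and a passthrough for the local /24.
# (Hypothetical names; the "vpn-summary" conn is not shown in the thread.)
POLICIES = [
    {"name": "vpn-summary", "src": "10.11.11.0/24", "dst": "10.0.0.0/8",
     "type": "tunnel"},
    {"name": "pass-local", "src": "10.11.11.0/24", "dst": "10.11.11.0/24",
     "type": "passthrough"},
]


def select_policy(src, dst, policies=POLICIES):
    """Return the policy whose src/dst selectors match the flow most
    specifically (sum of prefix lengths), or None if nothing matches.
    Assumption: most-specific-wins is a simplification of kernel priorities."""
    s, d = ip_address(src), ip_address(dst)
    best, best_spec = None, -1
    for pol in policies:
        sn, dn = ip_network(pol["src"]), ip_network(pol["dst"])
        if s in sn and d in dn:
            spec = sn.prefixlen + dn.prefixlen
            if spec > best_spec:
                best, best_spec = pol, spec
    return best


def disposition(src, dst, policies=POLICIES):
    """Human-readable outcome for a flow: which conn caught it and whether
    the packet is encrypted into the tunnel or sent in the clear."""
    pol = select_policy(src, dst, policies)
    if pol is None:
        return "cleartext (no IPsec policy)"
    if pol["type"] == "passthrough":
        return f"cleartext via passthrough '{pol['name']}'"
    return f"encrypted via tunnel '{pol['name']}'"


def needs_passthrough(local_subnet, remote_subnet):
    """True when the tunnel's remote selector overlaps the local subnet,
    i.e. the situation in the thread where a passthrough conn is required."""
    return ip_network(local_subnet).overlaps(ip_network(remote_subnet))


if __name__ == "__main__":
    # Host from the thread talking to its own gateway, with and without
    # the passthrough conn installed.
    print(disposition("10.11.11.100", "10.11.11.1"))
    print(disposition("10.11.11.100", "10.11.11.1", policies=[POLICIES[0]]))
    print(disposition("10.11.11.100", "10.20.0.5"))
    print(needs_passthrough("10.11.11.0/24", "10.0.0.0/8"))
```

Running it shows the local host reaching 10.11.11.1 in the clear only when `pass-local` is present; with the summary tunnel alone, the same flow is matched by the /8 and encrypted, which is exactly the symptom reported at the start of the thread. `needs_passthrough` is the one-line check to run whenever a summarised remote subnet is widened.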