<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Brian,<br>
<br>
I am also a ClearOS user. Are you using their Unmanaged IPSec VPN or
have you configured Openswan yourself? If you are using the
Unmanaged VPN it creates 4 tunnels (LAN-LAN, LAN-gateway,
gateway-gateway and gateway-LAN) which is a bit of a pain and no
longer necessary. As you are going down the manual route, I think
you can delete all but the LAN-LAN file and add the lines
leftsourceip= and rightsourceip=LANGatewayIP. Then change the end
which has multiple subnets from xxxxsubnet=10.0.6.0/24 to something
like xxxxsubnets={10.0.6.0/24,10.x.y.z/24} and note the s at the end
of xxxxsubnets. You should not need any routes.<br>
<br>
You can probably also do this solution with the ClearOS multiple
tunnel setup.<br>
<br>
Note that any manual configuration of Openswan will break the
ClearOS GUI.<br>
<br>
Nick<br>
<br>
On 02/08/2010 22:17, Brian McGrew wrote:
<blockquote cite="mid:C87C83FB.1B138%25brian@visionpro.com"
type="cite">
<title>Multiple Subnet Routing</title>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size: 11pt;">Good day all,<br>
<br>
I’m using openswan-2.6.21-5.el5_4.2 on a couple of ClearOS
machines to build a vpn between two sites.<br>
<br>
          It’s almost working, kinda sorta but I think I need to add
          some additional routing somewhere.<br>
<br>
On the LAN side, there are several subnets. The remote side
has one subnet.<br>
<br>
Everyone from the LAN network can reach the remote network
just fine.<br>
<br>
          From the remote network, we can reach the subnet that the
vpn/firewall is on, but none of the other subnets.<br>
<br>
The LAN configuration is:<br>
<br>
ETH0: public IP and router<br>
ETH1: 10.0.6.2 / 255.255.255.0<br>
GW: 10.0.6.1<br>
<br>
The LAN network is all working fine and the LAN side can
connect to and see the remote network.<br>
<br>
The remote configuration is:<br>
<br>
ETH0: public IP and route<br>
ETH1: 192.168.1.254 / 255.255.255.0<br>
<br>
The remote network works fine for all local stuff and all
internet access. From the remote network, we can see the
10.0.6.0 network on the LAN side but there are several other
subnets at the LAN that we can not see.<br>
<br>
I’m sure that I just need to add some routes somewhere, but
not sure where to add them and what exactly they should be.<br>
<br>
Help?<br>
<br>
-brian </span></font>
</blockquote>
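<br>
The single LAN-LAN conn suggested in the reply, written out as an added example that is not from either poster. The conn name, the capitalised public-IP placeholders and the 192.168.1.0/24 remote subnet (derived from the ETH1 address and mask in the question) are assumptions; 10.x.y.z/24 is the placeholder from the reply and stands for each further LAN-side subnet.<br>

```conf
# Added example, not the posters' own file. Names in capitals are placeholders.
conn lan-to-remote                       # hypothetical conn name
    # ... existing authentication and keying settings stay unchanged ...

    # LAN side: several subnets behind this gateway
    left=LAN_SIDE_PUBLIC_IP              # placeholder
    leftsourceip=10.0.6.2                # this gateway's own LAN address (ETH1)
    # was: leftsubnet=10.0.6.0/24  (only this subnet was reachable through the tunnel)
    leftsubnets={10.0.6.0/24,10.x.y.z/24}    # note the trailing "s"

    # Remote side: one subnet
    right=REMOTE_SIDE_PUBLIC_IP          # placeholder
    rightsourceip=192.168.1.254          # remote gateway's own LAN address (ETH1)
    rightsubnet=192.168.1.0/24           # assumed from 192.168.1.254 / 255.255.255.0

    auto=start
```

Once both gateways have been reloaded, `ipsec auto --status` should list one tunnel per LAN-side subnet; a subnet missing from that list was not picked up from `leftsubnets`.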
</body>
</html>