Hi,<br><br>I found a Openswan Users thread was discussing about the same question<br>three years ago as below:<br>============================================================<br><h3 class="title">Re: [Openswan Users] IP subnet range</h3>
<pre>On Mon, 19 Apr 2010, Mike A. Leonetti wrote:
> Is there a way to set the subnet to an IP range instead of an entire
> subnet? I need to satisfy this message when I try and bring up a VPN to
> a Sonicwall.
>
> peer client ID payload in Quick I1, ID_IPV4_ADDR_RANGE 192.168.1.21 -
> 192.168.1.22 unacceptable: not a valid subnet
It has to be CIDR notation. Any other "ranges" are not allowed, and you'll
have to split it out into multiple CIDR's if possible.
Paul<br>============================================================================<br><br>According to Mr. Paul Wouters's answer, Openswan only takes the CIDR notation<br>as the IP subnet range. I'm wondering is it still the limitation for the<br>
latest (2.6.39) Openswan release? If so, does that mean Openswan cannot handle<br>the ID_IPV4_ADDR_RANGE ID type (Proxy ID) in phase 2 negotiation?<br><br>Thanks,<br><br>Yang<br></pre><br><br><div class="gmail_quote">On Sat, Aug 3, 2013 at 9:49 AM, Yang Hsiung <span dir="ltr"><<a href="mailto:yhsiung@zyxel.com" target="_blank">yhsiung@zyxel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm sorry for the confusion about my original question. I'm NOT looking for<br>a CIDR notation with prefix format in the ipsec.conf. I would like to know<br>
that does Openswan configuration parser can handle the IP range format<br>
as below in general:<br><br> IP_ADDRESS_START - IP_ADDRESS_END<br><br>"leftsubnet=192.168.0.1-192.168.0.100" was just an example.<br><br>By looking into the Openswan source, I noticed that ID_IPV4_ADDR_RANGE<br>
(RFC 2407 4.6.2.1) ID type is being handled. I'm wondering does Openswan<br>support it? If so, what's the corresponding IP "range" format should be specified<br>in the ipsec.conf?<br><br>Thanks,<br><br>
Yang<div class="HOEnZb"><div class="h5"><br>
<br><br><br><br><div class="gmail_quote">On Sat, Aug 3, 2013 at 5:57 AM, Binand Sethumadhavan <span dir="ltr"><<a href="mailto:binand@gmx.net" target="_blank">binand@gmx.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On 3 August 2013 05:13, Yang Hsiung <<a href="mailto:yhsiung@zyxel.com" target="_blank">yhsiung@zyxel.com</a>> wrote:<br>
> leftsubnet=192.168.0.1-192.168.0.100<br>
><br>
> If not, is there an alternative approach to configure the above example?<br>
<br>
</div>Well, this is a bit convoluted but this set of leftsubnets:<br>
<br>
<a href="http://192.168.0.1/32" target="_blank">192.168.0.1/32</a><br>
<a href="http://192.168.0.2/31" target="_blank">192.168.0.2/31</a><br>
<a href="http://192.168.0.4/30" target="_blank">192.168.0.4/30</a><br>
<a href="http://192.168.0.8/29" target="_blank">192.168.0.8/29</a><br>
<a href="http://192.168.0.16/28" target="_blank">192.168.0.16/28</a><br>
<a href="http://192.168.0.32/27" target="_blank">192.168.0.32/27</a><br>
<a href="http://192.168.0.64/27" target="_blank">192.168.0.64/27</a><br>
<a href="http://192.168.0.96/30" target="_blank">192.168.0.96/30</a><br>
<a href="http://192.168.0.100/32" target="_blank">192.168.0.100/32</a><br>
<br>
matches exactly 192.168.0.1-192.168.0.100.<br>
<span><font color="#888888"><br>
Binand<br>
</font></span></blockquote></div><br>
</div></div></blockquote></div><br>