<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas","serif";
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Thank you for responding. Site B subnet can change as it’s not required to be that large. For example purposes, lets now assume Site B private subnet is 172.16.0.0/24.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Thanks!<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Nick Howitt [mailto:nick@howitts.co.uk] <br><b>Sent:</b> Thursday, February 25, 2016 4:14 PM<br><b>To:</b> Leonard Wood; users@lists.openswan.org<br><b>Subject:</b> Re: [Openswan Users] Cross Site Connectivity<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>Hmm. Generally for VPN's subnets should not overlap at either end of the tunnel or the routing fails. Site B has a massive subnet, 10.0.0.0 - 10.255.255.255 (16,777,216 addresses). Unfortunately subnet A is entirely in Site B's subnet. Does site B need such a big subnet or can site B change to another subnet (either in the 172.16.0.0/12 range or 192.168.0.0/16 range but not 192.168.0.0/24 which is not a good subnet and is, in any case, being used at site C).<br><br>The problem you have is that site B sees 10.10.0.0/16 as local to itself so won't route traffic to Site A down the VPN.<br><br>Nick<o:p></o:p></p><div><p class=MsoNormal>On 25/02/2016 21:00, Leonard Wood wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I have a single Openswan deployment (2.6.38/K4.2.0-27-generic) currently connected to two sites—Site A and Site B. Let’s call my OpenSwan deployment Site C.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>I need to have Site A private subnet communicate with Site B private subnet, and vice versa.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Site A Private Subnet = 10.10.0.0/16<o:p></o:p></p><p class=MsoNormal>Site B Private Subnet = 10.0.0.0/8<o:p></o:p></p><p class=MsoNormal>Site C Private Subnet = 192.168.1.0/24 (OpenSwan Deployment Subnet)<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>As of current, I can only communicate to/from Site A from Site C and I can only communicate to/from Site B from Site C. <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Any suggestions how to accomplish cross site connectivity so Site A and communicate with Site B through Site C and vice versa?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Secondly, do you see any security concerns with this approach? Could traffic be intercepted or read in plaintext from my OpenSwan instance (Site C) since it’s essentially acting as MITM?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Many thanks in advance!<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Leo<o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br><br><br><o:p></o:p></span></p><pre>_______________________________________________<o:p></o:p></pre><pre><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><o:p></o:p></pre><pre><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a><o:p></o:p></pre><pre>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><o:p></o:p></pre><pre>Building and Integrating Virtual Private Networks with Openswan:<o:p></o:p></pre><pre><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><o:p></o:p></pre></blockquote><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div></body></html>