[Openswan Users] Problem of routing under openswan
Herbert Xu
herbert at gondor.apana.org.au
Tue Jun 29 13:23:19 CEST 2004
Paul Wouters <paul at xelerance.com> wrote:
>
>> A tunnel is established through eth1 with subnet 10.2.0.0/16. Since on the opposite side of this tunnel there is another tunnel towards 10.3.0.0/16
>> I had an idea, a few years ago, to say that the first tunnel is established with subnet 10.0.0.0/8 (an no more with 10.2.0.0/16).
>> Why ? In order to see (to ping and reach the SNMP agent) every other machine from the headquarters.
>
> This is a known limitation of the current 2.6 native ipsec stack. Use KLIPS
> instead. KLIPS for openswan is planned for version 2.3. You can try Nate's
This is not a limitation at all. It's a feature.
If you want to make an exception for a subrange, you should setup
a pass policy in Openswan/Racoon. For example,
conn workaround
left=192.168.4.1
leftsubnet=10.2.0.0/16
right=192.168.4.2
rightsubnet=10.3.0.0/16
type=passthrough
auto=add
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Users
mailing list