[Openswan Users] routing between tunnels
Rolf Offermanns
roffermanns at sysgo.com
Thu Nov 18 17:54:36 CET 2004
Joost Kraaijeveld wrote:
> Hi all,
>
> I have a VPN server (OpenSwan) that is the endpoint of two tunnels with PSK (see below)
>
>                             + ---- vigor --- 172.29.0.0
> 172.31.0.0 --- VPN server --|
>                             + ---- vigor --- 172.28.0.0
>
> The tunnels work OK and I can ping from the 17.31.0.0 network to both other networks. But I also want to be able to ping from the 172.29.0.0 network to the 172.28.0.0 network.
>
What did you specify as left / rightsubnets?
Will the vigor-tunnels only allow 172.31.0.0/16 traffic or is it "large enough" for 172.28/29 packets?
You will need three SAs for this to work:
172.31.0.0/16 <--> 172.29.0.0/16
172.31.0.0/16 <--> 172.28.0.0/16
172.28.0.0/16 <--> 172.29.0.0/16
Or one SA with a netmask small enough to contain all subnets (e.g. 172.28.0.0/14).
-Rolf
--
Rolf Offermanns <roffermanns at sysgo.com>
SYSGO AG Tel.: +49-6136-9948-0
Am Pfaffenstein 14 Fax: +49-6136-9948-10
55270 Klein-Winternhein http://www.sysgo.com
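
The two options from the reply, worked through as an added example that is not part of the original thread: the script lists the subnet pairs that each need an SA, computes the smallest single prefix covering all three networks, and reports which address ranges that wider selector admits beyond the three sites. The site names are hypothetical labels; the /16 prefix lengths are the ones used in the reply.

```python
import ipaddress
from itertools import combinations

# Subnets from the thread; site names are hypothetical labels.
SITES = {
    "hub": ipaddress.ip_network("172.31.0.0/16"),
    "vigor-a": ipaddress.ip_network("172.29.0.0/16"),
    "vigor-b": ipaddress.ip_network("172.28.0.0/16"),
}

def pairwise_selectors(sites):
    """One (subnet, subnet) pair per SA needed for full reachability."""
    return [(sites[a], sites[b]) for a, b in combinations(sites, 2)]

def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    nets = list(nets)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit
    return candidate

def overreach(supernet, nets):
    """Ranges the supernet selector admits that belong to no listed site."""
    remaining = [supernet]
    for n in nets:
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))  # carve the site out
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    for a, b in pairwise_selectors(SITES):
        print(f"SA: {a} <--> {b}")
    wide = covering_supernet(SITES.values())
    print("single selector:", wide)
    for extra in overreach(wide, SITES.values()):
        print("also admitted by that selector:", extra)
```

With the thread's subnets, the single selector is 172.28.0.0/14, which also matches 172.30.0.0/16, so the wider SA permits traffic for a range that none of the three sites owns.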