[Openswan Users] Tricky routing question

Ralf Guenthner gue at alphatel.de
Mon Sep 6 12:44:35 CEST 2004


Hi list

I'm faced with the following situation:

Roadwarriors  <->  GwA  <-> GwB ---NetB
                    -NetA

In words: A group of roadwarriors using SSH Sentinel connects to a 
gateway, using X.509 certificates and with a remote network setting for 
NetA (which is directly connected to GwA). GwA is running a DHCP server 
and we assign private IPs to the RWs via DHCP-over-IPSEC as described in 
papers by Andreas Steffen and others.

GwA also has a site-2-site-VPN with GwB, so that NetA can reach NetB and 
vice versa. Now the roadwarriors want to be able to access servers in 
NetB also. Is there a way to do this except having the RW connect to GwB 
directly? I've looked at various docs but no scenario I've found seems 
to quite fit our requirements. Subnets is not the solution, since NetA 
and NetB are totally different (one is private, one is public IP space).

Any help highly appreciated
Regards
Ralf G.



