[Openswan Users] Odd route problem

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Mon Apr 11 08:55:14 CEST 2005


Gary W. Smith wrote:

> Hello,
>
Hi!

> I have a bunch of odd routes at one end of the tunnel that I would 
> like to access with an ipsec tunnel but I have been running into problems.
>
> I have a couple different subnets on the server side 10.0.0.0/24, 
> 10.0.8.0/24, 10.1.0.0/16 and 10.0.2.0/24. The network that I’m trying 
> to connect up is 10.0.12.0/24. I added 10.0.0.0/8 to the .conf file 
> and was able to establish the connection from the server and ping to 
> the remote network but once I do that all of my requests for the local 
> network are going through the tunnel. This seems to be an expected 
> side effect of the 10.0.0.0/8.
>
> Shouldn’t ipsec see the 10.0.12.0/24 as a local network?
>
No, it shouldn't. A subnet 10.0.0.0/8 is something like an aggregate 
route for the networks above, and it covers all of your networks because 
of the 255.0.0.0 mask. Define different conns for your networks with the 
255.255.255.0 mask, leaving the 10.0.12.0/24 subnet.

Tomasz Grzelak
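
The point made in the reply above, as an added example that is not part of the original message: a Python sketch that shows which networks a tunnel selector captures and generates one conn per server-side subnet. The gateway addresses and conn names are placeholder assumptions, and authentication settings are left out.

```python
import ipaddress

# Subnets as given in the thread.
SERVER_SUBNETS = ["10.0.0.0/24", "10.0.8.0/24", "10.1.0.0/16", "10.0.2.0/24"]
REMOTE_SUBNET = "10.0.12.0/24"

# Assumed placeholders (documentation address ranges), not from the thread.
SERVER_GW = "192.0.2.1"
REMOTE_GW = "198.51.100.1"


def captured_by(selector, subnets):
    """Return the subnets whose traffic a tunnel selector would match."""
    sel = ipaddress.ip_network(selector)
    return [s for s in subnets if ipaddress.ip_network(s).overlaps(sel)]


def build_conns(server_subnets, remote_subnet):
    """Build one conn stanza per server subnet.

    Raises ValueError if a server-side selector overlaps the remote LAN,
    which is the 10.0.0.0/8 situation described in the thread.
    """
    remote = ipaddress.ip_network(remote_subnet)
    stanzas = []
    for i, subnet in enumerate(server_subnets, 1):
        if ipaddress.ip_network(subnet).overlaps(remote):
            raise ValueError(f"{subnet} overlaps remote LAN {remote_subnet}")
        stanzas.append(
            f"conn site-{i}\n"  # hypothetical conn name
            f"    left={SERVER_GW}\n"
            f"    leftsubnet={subnet}\n"
            f"    right={REMOTE_GW}\n"
            f"    rightsubnet={remote_subnet}\n"
            f"    auto=start\n"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    everything = SERVER_SUBNETS + [REMOTE_SUBNET]
    print("10.0.0.0/8 matches:", captured_by("10.0.0.0/8", everything))
    print(build_conns(SERVER_SUBNETS, REMOTE_SUBNET))
```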
