[Openswan Users] Odd route problem

Gary W. Smith gary at primeexalia.com
Mon Apr 11 00:21:44 CEST 2005


I've created separate conns for each one and it works (as expected) but I
end up with 14 routes per site.  I guess the proper long term strategy
would be to ensure that the ranges for each site are set up based on
different subnets.

Gary

-----Original Message-----
From: Tomasz Grzelak [mailto:tgrzelak at wktpolska.com.pl] 
Sent: Sunday, April 10, 2005 10:55 PM
To: Gary W. Smith; users at openswan.org
Subject: Re: [Openswan Users] Odd route problem

Gary W. Smith wrote:

> Hello,
>
Hi!

> I have a bunch of odd routes at one end of the tunnel that I would 
> like to access with an ipsec tunnel but I have been running into
> problems.
>
> I have a couple different subnets on the server side 10.0.0.0/24, 
> 10.0.8.0/24, 10.1.0.0/16 and 10.0.2.0/24. The network that I'm trying 
> to connect up is 10.0.12.0/24. I added 10.0.0.0/8 to the .conf file 
> and was able to establish the connection from the server and ping to 
> the remote network but once I do that all of my requests for the local
> network are going through the tunnel. This seems to be an expected 
> side effect of the 10.0.0.0/8.
>
> Shouldn't ipsec see the 10.0.12.0/24 as a local network?
>
No, it shouldn't. A subnet 10.0.0.0/8 is something like an aggregate
route for the networks above, and it covers all of your networks because
of the 255.0.0.0 mask. Define different conns for your networks with the
255.255.255.0 mask, leaving the 10.0.12.0/24 subnet.

Tomasz Grzelak
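
Added example, not part of the original thread: a Python check that flags a server-side selector overlapping the remote subnet (the 10.0.0.0/8 case above) and renders one conn per server subnet instead. The gateway addresses (documentation ranges) and conn names are assumptions, and authentication settings are omitted.

```python
import ipaddress

# Subnets quoted in the thread.
SERVER_SUBNETS = ["10.0.0.0/24", "10.0.8.0/24", "10.1.0.0/16", "10.0.2.0/24"]
REMOTE_SUBNET = "10.0.12.0/24"

# Assumptions: placeholder gateway addresses from documentation ranges.
SERVER_GW = "192.0.2.1"
REMOTE_GW = "198.51.100.1"


def selector_conflicts(local_subnets, remote_subnet):
    """Return the local selectors that overlap the remote subnet.

    An overlapping selector is what pulls traffic for the wrong side
    into the tunnel, as the 10.0.0.0/8 aggregate did in the thread.
    """
    remote = ipaddress.ip_network(remote_subnet)
    return [s for s in local_subnets
            if ipaddress.ip_network(s).overlaps(remote)]


def render_conns(local_subnets, remote_subnet):
    """Render one ipsec.conf conn per local subnet; refuse overlaps."""
    bad = selector_conflicts(local_subnets, remote_subnet)
    if bad:
        raise ValueError(f"selectors {bad} overlap remote {remote_subnet}")
    stanzas = []
    for i, subnet in enumerate(local_subnets, start=1):
        stanzas.append("\n".join([
            f"conn server-net{i}-to-remote",  # hypothetical conn name
            f"    left={SERVER_GW}",
            f"    leftsubnet={subnet}",
            f"    right={REMOTE_GW}",
            f"    rightsubnet={remote_subnet}",
            "    auto=start",
        ]))
    return "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    # The aggregate from the original question is reported as a conflict.
    print("conflicts for 10.0.0.0/8:",
          selector_conflicts(["10.0.0.0/8"], REMOTE_SUBNET))
    print(render_conns(SERVER_SUBNETS, REMOTE_SUBNET))
```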



