[Openswan Users] Routing on a bigger network
Dave Stubbs
dave.stubbs at utoronto.ca
Mon Jan 31 11:31:38 CET 2005
Hello all,
I have the following setup:
10.151.169.32/27 --+
10.151.137.32/27 --+-- router -- 10.151.177.64/27 -------+
10.151.178.0/24 ---+                                     |
10.151.128.0/24 ---+                                LinuxServer
                                                         |
                                                        VPN
                                                         |
10.135.202.192/27 -+                                LinuxServer
10.135.200.0/24 ---+                                     |
10.135.201.0/24 ---+-- router -- 10.135.202.224/27 ------+
10.135.203.224/27 -+
The VPN is an OpenSWAN IPSec tunnel through the internet, and each
immediate network at the end of the VPN is connected to lots of other
networks via various methods. I've only shown 4 of them on each side,
but there are actually many more. OpenSWAN works great for the two
subnets immediately attached to the two Linux Servers, but I want to be
able to have a machine on the 10.151.169.32/27 network able to connect
to a machine on the 10.130.203.224/27 segment.
The main group of networks at the top could be summarized as
10.151.0.0/16 and the bottom ones could be summarized as 10.135.0.0/16
but that is not necessary. There are plans to hook the top part to another
whole pile - say, 10.148.0.0/16.
It would be really nice to put OSPF on the two Linux servers and have
them propagate routes through the VPN, but I'm reading that this is not
possible because OpenSWAN uses "policies", not "routes". Is there any
example of how to do this?
Thanks,
Dave...