[Openswan Users] Routing on a bigger network

Dave Stubbs dave.stubbs at utoronto.ca
Mon Jan 31 11:35:22 CET 2005


Uh, let's send that txt diagram again:


10.151.169.32/27 --+
10.151.137.32/27 --+-- router -- 10.151.177.64/27 -------+
10.151.178.0/24 ---+                                     |
10.151.128.0/24 ---+                                 LinuxServer
                                                         |
                                                        VPN
                                                         |
10.135.202.192/27 -+                                 LinuxServer
10.135.200.0/24 ---+                                     |
10.135.201.0/24 ---+-- router -- 10.135.202.224/27 ------+
10.135.203.224/27 -+

Hope that helps

Dave...

Dave Stubbs wrote:

> Hello all,
>
> I have the following setup:
>
>
> 10.151.169.32/27 --+ 10.151.137.32/27 --+-- router -- 10.151.177.64/27 
> -------+
> 10.151.178.0/24 ---+                                     |
> 10.151.128.0/24 ---+                                 LinuxServer
>                                                         |
>                                                        VPN
>                                                         |
> 10.135.202.192/27 -+                                 LinuxServer
> 10.135.200.0/24 ---+                                     |
> 10.135.201.0/24 ---+-- router -- 10.135.202.224/27 ------+
> 10.135.203.224/27 -+
>
> The VPN is an OpenSWAN IPSec tunnel through the internet, and each 
> immediate network at the end of the VPN is connected to lots of other 
> networks via various methods.  I've only shown 4 of them on each side, 
> but there are actually many more.  OpenSWAN works great for the two 
> subnets immediately attached to the two Linux Servers, but I want to 
> be able to have a machine on the 10.151.169.32/27 network able to 
> connect to a machine on the 10.130.203.224/27 segment.
> The main group of networks at the top could be summarized as 
> 10.151.0.0/16 and the bottom ones could be summarized as 10.135.0.0/16 
> but not necessary.  There are plans to hook the top part to another 
> whole pile - say, 10.148.0.0/16.
>
> It would be really nice to put OSPF on the two linux servers and have 
> them propagate routes through the VPN, but I'm reading that this is 
> not possible because OpenSWAN uses "policies", not "routes".  Is there 
> any example of how to do this?
> Thanks,
>
> Dave...
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
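
Added example, not part of the original post and not Openswan code: a small Python model of the "policies, not routes" point, using the subnets from the diagram. It treats each tunnel as a (local selector, remote selector) pair and checks which traffic falls inside one; the host addresses, names and the two policy sets are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network

# Subnets taken from the diagram in the post (top and bottom sites).
TOP = [net(s) for s in ("10.151.169.32/27", "10.151.137.32/27",
                        "10.151.178.0/24", "10.151.128.0/24",
                        "10.151.177.64/27")]
BOTTOM = [net(s) for s in ("10.135.202.192/27", "10.135.200.0/24",
                           "10.135.201.0/24", "10.135.203.224/27",
                           "10.135.202.224/27")]

# Constructed policy sets: one selector pair per tunnel policy.
# ATTACHED_ONLY models the working state described in the post.
ATTACHED_ONLY = [(net("10.151.177.64/27"), net("10.135.202.224/27"))]
# SUMMARISED models the /16 summaries the post suggests.
SUMMARISED = [(net("10.151.0.0/16"), net("10.135.0.0/16"))]


def matches(policies, src, dst):
    """True if a packet src -> dst falls inside some selector pair.

    Policy-based IPsec tunnels a packet only when both addresses match
    the selectors of one policy, in either direction.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any((src in a and dst in b) or (src in b and dst in a)
               for a, b in policies)


def uncovered_pairs(policies, top, bottom):
    """List (top, bottom) subnet pairs not contained in any one policy."""
    return [(str(t), str(b)) for t in top for b in bottom
            if not any(t.subnet_of(l) and b.subnet_of(r)
                       for l, r in policies)]


if __name__ == "__main__":
    # Constructed host addresses inside the diagram's subnets.
    print(matches(ATTACHED_ONLY, "10.151.169.40", "10.135.203.230"))
    print(matches(SUMMARISED, "10.151.169.40", "10.135.203.230"))
    print(len(uncovered_pairs(ATTACHED_ONLY, TOP, BOTTOM)), "pairs uncovered")
```

In this model the planned 10.148.0.0/16 block matches neither policy set, so it would need a selector pair of its own.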



