[Openswan Users] Routing on a bigger network

John A. Sullivan III jsullivan at opensourcedevel.com
Mon Jan 31 12:46:51 CET 2005


Dave Stubbs wrote:
> Hello all,
> 
> I have the following setup:
> 
> 
> 10.151.169.32/27 --+
> 10.151.137.32/27 --+-- router -- 10.151.177.64/27 -------+
> 10.151.178.0/24 ---+                                     |
> 10.151.128.0/24 ---+                                 LinuxServer
>                                                         |
>                                                        VPN
>                                                         |
> 10.135.202.192/27 -+                                 LinuxServer
> 10.135.200.0/24 ---+                                     |
> 10.135.201.0/24 ---+-- router -- 10.135.202.224/27 ------+
> 10.135.203.224/27 -+
> 
> The VPN is an OpenSWAN IPSec tunnel through the internet, and each 
> immediate network at the end of the VPN is connected to lots of other 
> networks via various methods.  I've only shown 4 of them on each side, 
> but there are actually many more.  OpenSWAN works great for the two 
> subnets immediately attached to the two Linux Servers, but I want to be 
> able to have a machine on the 10.151.169.32/27 network able to connect 
> to a machine on the 10.130.203.224/27 segment.
> The main group of networks at the top could be summarized as 
> 10.151.0.0/16 and the bottom ones could be summarized as 10.135.0.0/16 
> but not necessary.  There are plans to hook the top part to another 
> whole pile - say, 10.148.0.0/16.
> 
> It would be really nice to put OSPF on the two linux servers and have 
> them propagate routes through the VPN, but I'm reading that this is not 
> possible because OpenSWAN uses "policies", not "routes".  Is there any 
> example of how to do this?
> Thanks,
> 
> Dave...
> 
We are working on a project that will automatically create all the
various connection definitions for you when you define the directly and
indirectly connected networks on the gateway.  Unfortunately, ISCS is
not ready yet (http://iscs.sourceforge.net).  I do not know if anyone
else has such an automated configurator available - John

-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

Financially sustainable open source development
http://www.opensourcedevel.com
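
Added example, not ISCS code and not from either poster: a sketch of generating one Openswan conn section per left/right subnet pair from the networks drawn in the quoted diagram, plus a check of how much of a summary prefix such as 10.151.0.0/16 would be opened to the tunnel without being used by any listed subnet. The gateway addresses, `authby=secret`, `auto=start` and the conn names are assumptions.

```python
import ipaddress
from itertools import product

# Subnets copied from the diagram in the quoted message.
TOP = ["10.151.169.32/27", "10.151.137.32/27", "10.151.178.0/24",
       "10.151.128.0/24", "10.151.177.64/27"]
BOTTOM = ["10.135.202.192/27", "10.135.200.0/24", "10.135.201.0/24",
          "10.135.203.224/27", "10.135.202.224/27"]

# Assumptions, not from the thread: gateway addresses (documentation
# ranges) and the authentication method.
LEFT_GW, RIGHT_GW = "192.0.2.1", "198.51.100.1"
COMMON = ["authby=secret", "auto=start"]


def parse(nets):
    """Validate CIDR strings; strict=True rejects host bits (10.151.169.33/27)."""
    return [ipaddress.ip_network(n, strict=True) for n in nets]


def subnet_pairs(left_nets, right_nets):
    """One (name, leftsubnet, rightsubnet) per combination: a policy per pair."""
    pairs = product(enumerate(parse(left_nets), 1), enumerate(parse(right_nets), 1))
    return [(f"top{i}-bottom{j}", l, r) for (i, l), (j, r) in pairs]


def render(left_nets, right_nets):
    """Return ipsec.conf text with one conn section per subnet pair."""
    out = []
    for name, l, r in subnet_pairs(left_nets, right_nets):
        out += [f"conn {name}", f"    left={LEFT_GW}", f"    leftsubnet={l}",
                f"    right={RIGHT_GW}", f"    rightsubnet={r}"]
        out += [f"    {line}" for line in COMMON] + [""]
    return "\n".join(out)


def unassigned_share(nets, supernet):
    """Fraction of a summary prefix that none of the listed subnets use."""
    sup = ipaddress.ip_network(supernet)
    parsed = parse(nets)
    if not all(n.subnet_of(sup) for n in parsed):
        raise ValueError(f"not every subnet is inside {sup}")
    used = sum(n.num_addresses for n in ipaddress.collapse_addresses(parsed))
    return 1 - used / sup.num_addresses


if __name__ == "__main__":
    print(render(TOP, BOTTOM))
    print(f"# unused share of 10.151.0.0/16: {unassigned_share(TOP, '10.151.0.0/16'):.1%}")
```

Five subnets per side already yield 25 conn sections, which is the growth an automated configurator has to manage; a single /16-to-/16 conn is shorter but its policy also covers address space that no listed subnet uses.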


