[Openswan Users] Tunnel to 0.0.0.0/0 except some addresses
Norman Rasmussen
norman at rasmussen.co.za
Sun Nov 27 14:56:45 CET 2005
ipsec nubie replies:
I would try two different things:
1) check you have a route for localnet2 on router1 via ethx
2) try breaking 0.0.0.0/0 into 0.0.0.0/1 and 128.0.0.0/1
On 11/27/05, Markus <mlist at dlite.de> wrote:
> Hi,
>
> I have the following setup:
>
> localnet1 -----\                          /----- localnet3
>                 router1 ---(untrusted)--- router2
> localnet2 -----/                          \----- Internet
>
> I have set up a tunnel between localnet1+localnet2 to 0.0.0.0/0. That works
> nearly perfectly, I can reach localnet3 and the Internet without problems from
> localnet1/2. But I cannot reach localnet2 from localnet1 as (I think)
> router1 sends everything from localnet1 to router2 (which is not acceptable
> as the connection between router1 and router2 is very slow). I think that I
> need a tunnel which says "to 0.0.0.0/0 except localnet2" or a route on
> router1 which overwrites the ipsec-routes (eroute?). Is that right? How can
> I do this?
>
> I am using on both routers:
> openswan-2.4.4 on linux-2.6.8 (Debian sarge), same tested with openswan-2.2
>
> --
> Beste Grüße / best regards Markus
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
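
The "0.0.0.0/0 except localnet2" selector asked about in this thread, carried past the /1 split suggested in the reply, as an added example that is not part of either message and has not been tested against Openswan: it computes the CIDR blocks that cover everything except one local network and prints one conn stanza per block. The address 192.168.2.0/24 for localnet2 and the base conn name `net1-to-world` are constructed assumptions, and the base conn is assumed to hold the shared left/right settings.

```python
import ipaddress


def complement_blocks(excluded, universe="0.0.0.0/0"):
    """Return the sorted CIDR blocks covering `universe` minus `excluded`."""
    uni = ipaddress.ip_network(universe)
    exc = ipaddress.ip_network(excluded)
    if not exc.subnet_of(uni):
        raise ValueError(f"{exc} is not inside {uni}")
    # address_exclude() yields the sibling block at every prefix length
    # between the universe and the excluded network (nothing if equal).
    return sorted(uni.address_exclude(exc))


def conn_stanzas(base_conn, excluded):
    """Emit one ipsec.conf conn per complement block.

    Each conn pulls its shared settings from `base_conn` via also= and
    only overrides rightsubnet=, so the excluded network never matches
    a tunnel selector and stays on the ordinary routing table.
    """
    out = []
    for i, net in enumerate(complement_blocks(excluded)):
        out.append(
            f"conn {base_conn}-{i}\n"
            f"\talso={base_conn}\n"
            f"\trightsubnet={net}\n"
        )
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample values: localnet2 and the base conn name are
    # assumptions, not taken from the thread.
    LOCALNET2 = "192.168.2.0/24"
    blocks = complement_blocks(LOCALNET2)
    print(f"# {len(blocks)} blocks cover 0.0.0.0/0 except {LOCALNET2}")
    print(conn_stanzas("net1-to-world", LOCALNET2))
```

Excluding a /24 from 0.0.0.0/0 produces 24 blocks, starting with 0.0.0.0/1, so the cost of this approach is one tunnel selector per prefix bit of the excluded network.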