[Openswan Users] routing question
Andreas Lüdtke
andi.luedtke at gmx.de
Thu Jan 19 09:20:14 CET 2006
> > Now my question: is this the right way to achieve this or do I need to enter this
route
> > via ipsec eroute or ipsec.conf? I would like see an additional route to 10.0.3.0/24
when I
> > run ipsec eroute...
> >
> <snip>
> If I understand you correctly, then you either need to add another
> connection definition for a tunnel between 10.0.1.0/24 and 10.0.3.0/24
> or you need to change the subnet mask in the existing definition to 23
> bits, i.e., a tunnel between 10.0.1.0/24 and 10.0.2.0/23. Of course,
> the mask must agree on both sides of the tunnel. Hope this
> helps - John
John,
you did understood me right. My idea was to use one tunnel to the company gateway, because
this gateway handles the routes to all other destinations. When I use a different subnet
mask (i.e. 10.0.2.0/16), I can reach the other nets, but when the company gateway is
trying to establish a connection from 10.0.2.0/24 to 10.0.1.0/24, then the Openswan on
10.0.1.0 says it has no connection for 10.0.2.0/16. Or should I use two connections: one
for outgoing and one for incoming?
Is there a possibility to add additional routes for a given vpn tunnel?
More information about the Users
mailing list