[Openswan Users] Route more than one subnet in same VPN Tunnel

Andy Gay andy at andynet.net
Wed Sep 6 16:25:24 EDT 2006


On Wed, 2006-09-06 at 14:29 -0300, Frederico Madeira wrote:
> Hi guys,
> 
> I have this topology:
> 
> 192.168.10.0/24
> 192.168.11.0/24 --- VPN Gateway ------[ internet ] ------ VPN Gateway
> ---- 192.168.20.0/24
> 192.168.12.0/24
>                           192.168.21.0/24
> 
> Actually I can only ping 192.168.11.0/24 and 192.168.20.0/24.
> 
Your diagram isn't clear because your mail client wrapped the lines. But
I think you have 192.168.10/11/12 on the left, 192.168.20/21 on the
right?

If you want one tunnel to handle all of that, you can use
192.168.20.0/23 for the rightsubnet. The left isn't so easy; you could
perhaps use leftsubnet=192.168.8.0/21, which would match 192.168.8.x
through 192.168.15.x, which may be more than you want.

Alternatively, to match these exact subnets you could use 2 tunnels:
 192.168.10.0/23 <--> 192.168.20.0/23 and 
 192.168.12.0/24 <--> 192.168.20.0/23
 
> How can I add routes to multiple subnets using the same VPN tunnel?

Why do you care how many tunnels you need to use? Don't be afraid to use
lots if that keeps your security policy intact. Read this from the old
Freeswan docs:
http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html#adv_config

> 
> Thanks.
> 
> -- 
> Frederico Madeira
> fmadeira at gmail.com
> 
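The subnet arithmetic from the reply above, as an added example that is not part of the original post: it computes the exact CIDR cover for each side, the single supernet that one tunnel would need, and the address space that supernet matches beyond the intended subnets. The function names are assumptions made for this illustration; the subnets are the ones from the thread.

```python
import ipaddress
from itertools import product

def exact_cover(subnets):
    """Fewest CIDR blocks that match exactly the given subnets and nothing else."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))

def single_supernet(subnets):
    """Smallest single CIDR block containing every given subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the prefix by one bit
    return candidate

def overmatch(subnets):
    """Blocks the single supernet matches that were never meant to be tunnelled."""
    remaining = [single_supernet(subnets)]
    for wanted in exact_cover(subnets):
        carved = []
        for block in remaining:
            if wanted.subnet_of(block):
                # address_exclude yields nothing when wanted == block
                carved.extend(block.address_exclude(wanted))
            else:
                carved.append(block)
        remaining = carved
    return sorted(ipaddress.collapse_addresses(remaining))

def tunnel_pairs(left, right):
    """One leftsubnet/rightsubnet pair per tunnel needed for an exact match."""
    return [f"leftsubnet={l} rightsubnet={r}"
            for l, r in product(exact_cover(left), exact_cover(right))]

# Subnets as read from the thread's topology.
LEFT = ["192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24"]
RIGHT = ["192.168.20.0/24", "192.168.21.0/24"]

if __name__ == "__main__":
    print("one-tunnel left supernet:", single_supernet(LEFT))
    extra = overmatch(LEFT)
    print("extra space matched:", [str(n) for n in extra],
          f"({sum(n.num_addresses for n in extra)} addresses)")
    for pair in tunnel_pairs(LEFT, RIGHT):
        print("tunnel:", pair)
```
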