[Openswan Users] Openswan multiple subnets Subnet
Amedeo Alaimo
amedeo at distributivenetworks.com
Thu Aug 2 16:44:32 EDT 2007
When using 2 separate conns, would I have to include the also parameter?
Would I then essentially have 3 conns?
Does the netscreen engineer need to add another connection as well?
Currently I tried copying the connection and giving it a new name. Then
I replaced the rightsubnet with the second subnet. It will not get past
phase one.
Thanks!
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, August 02, 2007 4:22 PM
To: Amedeo Alaimo
Cc: users at openswan.org
Subject: Re: [Openswan Users] Openswan multiple subnets Subnet
On Thu, 2 Aug 2007, Amedeo Alaimo wrote:
> I have an issue connecting to a Netscreen 50 device using openswan.
> I HAVE connected to other netscreen devices fine. It is just this
> particular configuration.
>
> The netscreen is set up this way:
>
> Subnet (public ip range) xxx.xxx.xxx.xxx/31 and xxx.xxx.xxx.xxx/32
A /31 makes no sense. It's not a valid CIDR.
> It appears that the left|rightsubnet parameter of ipsec.conf will not
> take 2 subnets.
Use left|rightsubnets= if using 2.5.x. When using 2.4.x, use two separate
conns. Openswan will automatically re-use the same phase1.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
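
Added example, not part of the original messages and not a configuration from either poster: an ipsec.conf sketch of the two layouts named in the reply, two conns sharing their common settings through also= (2.4.x) and a single conn with rightsubnets= (2.5.x). All conn names and addresses are constructed placeholders, authby=secret is an assumption, and the two layouts are alternatives, not meant to be loaded together.

```conf
# Constructed example; conn names and all addresses are placeholders.

# --- Openswan 2.4.x: one conn per remote subnet -------------------------
# Each conn below negotiates its own phase 2; both reuse the same phase 1
# because left/right and authentication are identical.

# First remote subnet (placeholder range)
conn netscreen-net1
    also=netscreen-common
    rightsubnet=203.0.113.0/28
    auto=start

# Second remote subnet (placeholder range)
conn netscreen-net2
    also=netscreen-common
    rightsubnet=203.0.113.16/28
    auto=start

# Shared settings, pulled into the conns above by also=.
# No auto= here, so this section is never loaded as a tunnel itself.
# It is placed after the conns that reference it, which is accepted
# regardless of whether the parser requires that ordering.
conn netscreen-common
    left=192.0.2.10
    leftsubnet=10.10.0.0/24
    right=198.51.100.20
    authby=secret

# --- Openswan 2.5.x alternative: one conn, several remote subnets -------
# Replaces netscreen-net1 and netscreen-net2 above.
#
# conn netscreen-multi
#     also=netscreen-common
#     rightsubnets={203.0.113.0/28 203.0.113.16/28}
#     auto=start
```

After loading, `ipsec auto --status` lists one phase 1 and a separate phase 2 entry per subnet pair, which shows which of the two tunnels the peer is rejecting.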