[Openswan Users] Tunnel headends

Paul Wouters paul at xelerance.com
Sun Mar 25 05:12:46 EDT 2007


On Sun, 25 Mar 2007, Benny Amorsen wrote:

> PW> You can have tunnels like 10.0.0.0/8 ==== 10.a.b.0/24, so if you
> PW> have a spoke structure, your leaves only need one tunnel to the
> PW> center.
>
> I believe you can also have all tunnels be 0.0.0.0/0 ==== 0.0.0.0/0,
> if you tell openswan to not insert routes. I have been meaning to try
> this out for a while, but I haven't gotten around to it.

So where does 1.2.3.4 live? This side or that side? And once the packet
got across, where does it go? Back through the tunnel? Having those
routes would cause you to have to set manual routes on every node. You
would run the risk of endlessly looping packets, and you will find it
impossible to run a firewall with all packets popping up everywhere.

You can do 10.a.b.0/24 === 0.0.0.0/0. In fact, that is exactly how I
am connected at home (my home network goes entirely through IPsec).

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
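
Added example, not part of the original message: a small Python check that makes the question "where does 1.2.3.4 live?" mechanical for each selector pair mentioned in the thread. It assumes that when both selectors contain an address the more specific prefix owns it (a modelling assumption, not Openswan's policy lookup), and it uses 10.1.2.0/24 as a constructed stand-in for 10.a.b.0/24.

```python
import ipaddress

# Constructed selector pairs (left, right) taken from the thread's notation.
TUNNELS = {
    "all-to-all": ("0.0.0.0/0", "0.0.0.0/0"),
    "hub-spoke": ("10.0.0.0/8", "10.1.2.0/24"),
    "home": ("10.1.2.0/24", "0.0.0.0/0"),
}
# Constructed probe addresses: one public, one spoke host, one other 10/8 host.
PROBES = ["1.2.3.4", "10.1.2.5", "10.9.9.9"]


def side_of(addr, left, right):
    """Return 'left', 'right', 'ambiguous' or 'outside' for addr.

    Assumption of this sketch: if both selectors contain the address,
    the longer (more specific) prefix owns it. Equal prefixes cannot be
    resolved, which is the 0.0.0.0/0 ==== 0.0.0.0/0 case.
    """
    ip = ipaddress.ip_address(addr)
    lnet = ipaddress.ip_network(left)
    rnet = ipaddress.ip_network(right)
    in_left, in_right = ip in lnet, ip in rnet
    if in_left and in_right:
        if lnet.prefixlen == rnet.prefixlen:
            return "ambiguous"
        return "left" if lnet.prefixlen > rnet.prefixlen else "right"
    if in_left:
        return "left"
    if in_right:
        return "right"
    return "outside"


def audit(tunnels, probes):
    """Classify every probe address against every tunnel's selectors."""
    return {name: {p: side_of(p, l, r) for p in probes}
            for name, (l, r) in tunnels.items()}


def ambiguous_tunnels(tunnels, probes):
    """Names of tunnels where at least one probe has no clear side."""
    report = audit(tunnels, probes)
    return sorted(n for n, res in report.items() if "ambiguous" in res.values())


if __name__ == "__main__":
    for name, res in audit(TUNNELS, PROBES).items():
        print(name, res)
    print("ambiguous:", ambiguous_tunnels(TUNNELS, PROBES))
```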

