[Openswan Users] Is more than one network behind a remote gateway possible?
Wolfgang Kueter
wolfgang at shconnect.de
Wed May 16 23:27:44 EDT 2007
Hello,
I'm successfully running a site to site tunnel. While the LAN on our side
of the tunnel is pretty small (just a /26 network), the LAN on the other
side is much bigger (currently a /16 network). The gateway on the other
side is a Checkpoint FW-1, while we use OpenSwan.
Currently the other side uses 172.22.0.0/16.
Config looks like this:
---8<---
conn exampleconfig
    authby=secret
    esp=3des-sha1-96
    right=abc.def.ghi.ijk
    rightsubnet=172.22.0.0/16
    rightrsasigkey=%none
    leftnexthop=www.xxx.yyy.zzc
    left=www.xxx.yyy.zzz
    leftsubnet=192.168.24.64/24
    leftrsasigkey=%none
    leftcert=
    pfs=no
    auto=add
    type=tunnel
    keylife=
    ikelifetime=
---8<---
Unfortunately it is now required that some machines on the other side
need to use the tunnel too, that use IP addresses from the range
172.21.0.0/16.
I could of course use 172.20.0.0/14 for rightsubnet, which covers
everything from 172.20.0.0 to 172.23.255.255, or try to add
172.21.0.0/16.
Is it possible to list more than one network for rightsubnet, like the
following example?
---8<---
conn exampleconfig
    authby=secret
    esp=3des-sha1-96
    right=abc.def.ghi.ijk
    rightsubnet=172.21.0.0/16 172.22.0.0/16
    rightrsasigkey=%none
    leftnexthop=www.xxx.yyy.zzc
    left=www.xxx.yyy.zzz
    leftsubnet=192.168.24.64/24
    leftrsasigkey=%none
    leftcert=
    pfs=no
    auto=add
    type=tunnel
    keylife=
    ikelifetime=
---8<---
If yes, what is the correct syntax when listing more than one network, and how
are the entries separated (space, comma ...)?
Thanks, best wishes
Wolfgang
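The single-keyword rightsubnet= takes exactly one network, so the usual Openswan way to reach several remote subnets is one conn per subnet, with the shared settings pulled in via also=. The following ipsec.conf fragment is an added example, not part of the original message; it reuses the placeholder addresses from the post and assumes the /26 the message describes for leftsubnet.

```ini
# Added example (not from the original message): one Openswan conn per
# remote subnet, sharing the common settings through also=.  Addresses are
# the placeholders from the post; leftsubnet is the /26 the message describes.

conn cp-net21
    also=cp-common
    rightsubnet=172.21.0.0/16
    auto=add

conn cp-net22
    also=cp-common
    rightsubnet=172.22.0.0/16
    auto=add

# Shared parameters.  auto=ignore keeps this template from being loaded as a
# tunnel of its own; it is placed last because the classic ipsec.conf rule is
# that an also= target must follow the section that references it.  Explicit
# settings in the referencing section (rightsubnet, auto) take precedence.
conn cp-common
    type=tunnel
    authby=secret
    esp=3des-sha1-96
    pfs=no
    left=www.xxx.yyy.zzz
    leftnexthop=www.xxx.yyy.zzc
    leftsubnet=192.168.24.64/26
    leftrsasigkey=%none
    right=abc.def.ghi.ijk
    rightrsasigkey=%none
    auto=ignore
```

Each conn negotiates its own Phase 2 SA, so the Check Point encryption domain must offer 172.21.0.0/16 and 172.22.0.0/16 as separate selectors rather than one supernet, or the quick mode proposals will not match. Newer Openswan releases also accept rightsubnets={172.21.0.0/16 172.22.0.0/16} as shorthand for the same set of conns; check the ipsec.conf(5) man page of your release before relying on it.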