[Openswan Users] Is more than one network behind a remote, gateway possible?

Utkarsh Shah utkarsh at elitecore.com
Fri May 18 00:45:58 EDT 2007


Hi,

You can't directly write two networks separated by a comma or space.
You can achieve this by having multiple tunnels. Configuration goes like...

conn remotenetwork1
    rightsubnet=172.22.0.0/16
    leftsubnet=192.168.24.0/24
    auto=add
    also=baseconfig

conn remotenetwork2
    rightsubnet=172.21.0.0/16
    leftsubnet=192.168.24.0/24
    auto=add
    also=baseconfig

conn baseconfig
    authby=secret
    esp=3des-sha1-96
    right=abc.def.ghi.ijk
    rightrsasigkey=%none
    leftnexthop=www.xxx.yyy.zzc
    left=www.xxx.yyy.zzz
    leftrsasigkey=%none
    leftcert=
    pfs=no
    type=tunnel
    keylife=
    ikelifetime=


Regards,
Utkarsh Shah
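The layout above (one conn per remote subnet, shared settings pulled in with also=) is easy to generate and to review mechanically. The following is an added example, not part of the list post: it renders the per-subnet conn stanzas for a list of remote subnets and counts how much extra address space an aggregate selector such as 172.20.0.0/14 (the alternative raised in the question) would admit beyond the subnets actually needed. The function and stanza names (render_conns, excess_hosts, remotenetworkN, baseconfig) are this example's own.

```python
"""Generate per-subnet Openswan conn stanzas and check traffic-selector scope.

Added example (not from the list post). One conn per remote subnet, each
sharing settings via also=, plus a check of how many addresses a single
supernet selector would cover beyond the subnets that are really required.
"""
import ipaddress

BASE_NAME = "baseconfig"  # shared stanza referenced via also= (assumed name)


def render_conns(local_subnet, remote_subnets, base=BASE_NAME):
    """Return ipsec.conf text: one conn per remote subnet, each also= the base."""
    # strict=True rejects prefixes with host bits set (e.g. 192.168.24.64/24),
    # which is a configuration error rather than a valid traffic selector.
    local = ipaddress.ip_network(local_subnet, strict=True)
    stanzas = []
    for i, remote in enumerate(remote_subnets, start=1):
        net = ipaddress.ip_network(remote, strict=True)
        stanzas.append(
            f"conn remotenetwork{i}\n"
            f"    rightsubnet={net}\n"
            f"    leftsubnet={local}\n"
            f"    auto=add\n"
            f"    also={base}\n"
        )
    return "\n".join(stanzas)


def excess_hosts(supernet, wanted_subnets):
    """Addresses covered by supernet but not by any of wanted_subnets.

    A single aggregate selector is simpler than several conns, but every
    extra address is space the peer can route or source through the tunnel.
    """
    sup = ipaddress.ip_network(supernet, strict=True)
    wanted = [ipaddress.ip_network(w, strict=True) for w in wanted_subnets]
    for w in wanted:
        if not w.subnet_of(sup):
            raise ValueError(f"{w} is not inside {sup}")
    return sup.num_addresses - sum(w.num_addresses for w in wanted)


def conn_names(text):
    """Names of the conn sections in rendered text (used to check output)."""
    return [ln.split(None, 1)[1] for ln in text.splitlines() if ln.startswith("conn ")]


if __name__ == "__main__":
    remotes = ["172.21.0.0/16", "172.22.0.0/16"]  # the two /16s from the thread
    print(render_conns("192.168.24.0/24", remotes))
    print("extra addresses if 172.20.0.0/14 were used:", excess_hosts("172.20.0.0/14", remotes))
```

Each generated conn still needs the shared baseconfig stanza from the reply above; the script only emits the per-subnet sections.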

> Hello,
>
> I'm successfully running a site-to-site tunnel. While the LAN on our side
> of the tunnel is pretty small (just a /26 network), the LAN on the other
> side is much bigger (currently a /16 network). The gateway on the other
> side is a Checkpoint FW-1, while we use OpenSwan.
>
> Currently the other side uses 172.22.0.0/16.
>
> Config looks like this:
>
> ---8<---
> conn exampleconfig
>         authby=secret
>         esp=3des-sha1-96
>         right=abc.def.ghi.ijk
>         rightsubnet=172.22.0.0/16
>         rightrsasigkey=%none
>         leftnexthop=www.xxx.yyy.zzc
>         left=www.xxx.yyy.zzz
>         leftsubnet=192.168.24.64/24
>         leftrsasigkey=%none
>         leftcert=
>         pfs=no
>         auto=add
>         type=tunnel
>         keylife=
>         ikelifetime=
> ---8<---
>
> Unfortunately it is now required that some machines on the other side
> need to use the tunnel too, that use IP addresses from the range
> 172.21.0.0/16. 
>
> I could of course use 172.20.0.0/14 for rightsubnet, which covers
> everything from 172.20.0.0 to 172.23.255.255, or try to add
> 172.21.0.0/16.
>
> Is it possible to list more than one network for rightsubnet like the
> following example?
>
> ---8<---
> conn exampleconfig
>         authby=secret
>         esp=3des-sha1-96
>         right=abc.def.ghi.ijk
>         rightsubnet=172.21.0.0/16 172.22.0.0/16
>         rightrsasigkey=%none
>         leftnexthop=www.xxx.yyy.zzc
>         left=www.xxx.yyy.zzz
>         leftsubnet=192.168.24.64/24
>         leftrsasigkey=%none
>         leftcert=
>         pfs=no
>         auto=add
>         type=tunnel
>         keylife=
>         ikelifetime=
> ---8<---
>
> If yes, what is the correct syntax when listing more than one network, how
> to separate the entries (space, comma ...)?
>
> Thanks, best wishes
> Wolfgang