[Openswan Users] Users Digest, Vol 48, Issue 27
Chris Patch
chrispatch at intrstar.net
Sun Nov 11 14:24:36 EST 2007
That's not how ipsec works. If there is a security association, only that
will be used, and nothing else. So if you want your "nearest" ip (e.g. the
public one) to be able to talk to 10.0.0.0/24, then you need to add
another tunnel with a left, right and rightsubnet covering that policy.
> I think the normal way to achieve this is to set up a second host ->
> subnet VPN tunnel, for the server in question. I can't do that here
> however, as the sonicwall refuses to set up a second connection to the
> same gateway IP address.
>>File a bug report with Sonic wall?
> Is there anything I can do with iptables, or routing, that will enable
> me to make this happen?
On a Sonicwall you can set up a second subnet for the same tunnel. I
had to do this once, it works. I think the button you are after is "add
subnet" or "add network".
On the openswan side you just make two tunnels.
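
The two-tunnel layout discussed in this thread, sketched as an added example that is not part of any poster's message or their actual configuration. Only 10.0.0.0/24 comes from the thread; the connection names, the documentation-range addresses 192.0.2.1 (Openswan host) and 198.51.100.1 (Sonicwall), the local LAN 192.168.1.0/24 and the use of a pre-shared key are assumptions.

```conf
# /etc/ipsec.conf fragment (added example; all addresses except
# 10.0.0.0/24 are constructed placeholders).

# Tunnel 1: local LAN <-> remote subnet.
# The resulting SA only matches traffic sourced from 192.168.1.0/24.
conn lan-to-remote
    left=192.0.2.1
    leftsubnet=192.168.1.0/24
    right=198.51.100.1
    rightsubnet=10.0.0.0/24
    authby=secret
    auto=start

# Tunnel 2: the gateway's own public IP <-> remote subnet.
# With no leftsubnet, the policy covers left itself (192.0.2.1/32),
# which is the "nearest" IP the host uses when it talks to 10.0.0.0/24.
conn host-to-remote
    left=192.0.2.1
    right=198.51.100.1
    rightsubnet=10.0.0.0/24
    authby=secret
    auto=start
```

The peer has to carry a matching policy for each connection: the LAN subnet for the first, and the single host address 192.0.2.1 as an additional network for the second.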