[Openswan Users] Users Digest, Vol 48, Issue 27

Chris Patch chrispatch at intrstar.net
Sun Nov 11 14:24:36 EST 2007

That's not how ipsec works. If there is a security association, only
will be used, and nothing else. So if you want your "nearest" ip (eg the
public one) to be able to talk to, then you need to add
another tunnel with a left,right and rightsubnet covering that policy.

> I think the normal way to achieve this is to set up a second host ->
> subnet VPN tunnel, for the server in question. I can't do that here
> however, as the sonicwall refuses to set up a second connection to the
> same gateway IP address.

>>File a bug report with Sonic wall?

> Is there anything I can do with iptables, or routing, that will enable
> me to make this happen?

On a Sonicwall you can set up a second subnet for the same tunnel.  I
had to do this once, it works.  I think the button you are after is "add
subnet" or "add network".
On the openswan side you just make two tunnels.
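
The two-tunnel layout described in the replies above, sketched as an added ipsec.conf fragment that is not part of the original messages. All addresses and conn names are constructed placeholders, and it assumes pre-shared-key authentication and that the gateway's own address has been added as a second network on the SonicWall side of the same tunnel.

```conf
# Added example. Placeholder addresses only:
#   192.0.2.10    = Openswan gateway public IP (assumed)
#   198.51.100.20 = SonicWall public IP (assumed)
#   10.1.0.0/24   = LAN behind Openswan (assumed)
#   10.2.0.0/24   = LAN behind the SonicWall (assumed)

# Tunnel 1: subnet to subnet. Only traffic matching
# 10.1.0.0/24 <-> 10.2.0.0/24 is covered by this policy.
conn lan-to-remote
    left=192.0.2.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.20
    rightsubnet=10.2.0.0/24
    authby=secret
    auto=start

# Tunnel 2: host to subnet. No leftsubnet, so the policy covers
# traffic sourced from the gateway's own public address.
conn gw-to-remote
    left=192.0.2.10
    right=198.51.100.20
    rightsubnet=10.2.0.0/24
    authby=secret
    auto=start
```

Traffic from the gateway itself that matches neither policy is not sent through a tunnel, which is why the second conn is needed.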
