[Openswan Users] "Right Subnet" encryption exceptions

Daniel Corbe daniel.junkmail at gmail.com
Mon Aug 11 16:07:01 EDT 2008


I'm peering with a Cisco device whose peering address is in the same subnet
as their "right subnet".  See the below config.  On the Cisco side it's very
easy to exclude an address from an encrypted subnet with an access list but
there don't seem to be the same facilities in Openswan.  How do I go about
excluding a specific /32 out of a right subnet?

conn telcentris-3
       auto            = start
       ike             = 3des-md5
       esp             = 3des-md5
       ikelifetime     = 86400s
       keylife         = 3600s
       pfs             = no
       leftsubnet      =
       right           =
       rightsubnet     =

