[Openswan Users] SOLVED (partially): VPN client IP addressing configuration issues
Rolando Zappacosta
zappacor at yahoo.com.ar
Sat Sep 6 14:47:17 EDT 2008
Hi all,
I finally succeeded in connecting to a Lucent VPN Gateway and pinging a host on a subnet of the secured Intranet. Now I should improve the routing configuration.
Let's see, the host I can ping is on the XXX.0.0.0 subnet and my working config is this one:
version 2.0

config setup
        plutodebug=control

conn Intranet
        aggrmode=yes
        ike=3des-sha1-modp1024
        authby=secret
        left=%defaultroute
        leftxauthclient=yes
        leftmodecfgclient=yes
        modecfgpull=yes
        right=AAA.BBB.CCC.DDD
        rightsubnet=XXX.0.0.0/8
        pfs=no
        auto=add

include /etc/ipsec/ipsec.d/examples/no_oe.conf

However, most of the hosts I need to reach are on AAA.0.0.0/8, but if I configure:

        right=AAA.BBB.CCC.DDD
        rightsubnet=AAA.0.0.0/8

I lose all connectivity, as I lose reachability of the GW itself.
How can I deal with this?
Can I add a whole subnet with the exception of a single host (the GW)?
Besides, how can I add multiple subnets at once (kind of like rightsubnet="AAA.0.0.0/8, III.JJJ.0.0/16, PPP.QQQ.RRR.0/24")?