[Openswan Users] SOLVED (partially): VPN client IP addressing configuration issues
Rolando Zappacosta
zappacor at yahoo.com.ar
Mon Sep 8 13:47:31 EDT 2008
> > However, most of the hosts I need to reach are on the AAA.0.0.0/8 but if I configure:
> > right=AAA.BBB.CCC.DDD
> > rightsubnet=AAA.0.0.0/8
> > I lose all the connectivity as I lose the reachability of the GW itself.
> >
> > How can I deal with this?
> > Can I add a whole subnet with the exception of a single host (the GW)?
>
> Add a 'passthrough' connection. See
> /etc/ipsec.d/examples/passthrough.conf
I don't have that one installed and couldn't find it on the 2.4.16 tar nor surfing the web :-(
One thing worth noting is the GW I connect to has a public IP address (AAA.BBB.CCC.DDD) that lies on the same network I need to reach through it (AAA.0.0.0/8):
version 2.0

config setup

conn Intranet
        aggrmode=yes
        ike=3des-sha1-modp1024
        authby=secret
        left=%defaultroute
        leftxauthclient=yes
        leftmodecfgclient=yes
        modecfgpull=yes
        right=AAA.BBB.CCC.DDD
        rightsubnet=AAA.0.0.0/8
        pfs=no
        auto=add

include /etc/ipsec/ipsec.d/examples/no_oe.conf
How should I configure the passthrough then? Tried some variations around this with no luck:
conn passthrough
        left=%defaultroute
        right=0.0.0.0
        type=passthrough
        auto=route
        authby=never
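
The overlap described in this message, where the gateway address given as right= lies inside the network given as rightsubnet=, can be checked and the "whole subnet except a single host" arithmetic carried out as below. This is an added example, not part of the original post or of Openswan; 10.20.30.40 and 10.0.0.0/8 are constructed stand-ins for AAA.BBB.CCC.DDD and AAA.0.0.0/8, and the function names are hypothetical.

```python
import ipaddress


def peer_inside_subnet(peer, subnet):
    """True when the tunnel endpoint itself lies inside the protected subnet."""
    addr = ipaddress.ip_address(peer)
    net = ipaddress.ip_network(subnet)
    return addr.version == net.version and addr in net


def subnet_without_host(subnet, host):
    """Return the CIDR blocks that cover `subnet` minus the address `host`."""
    net = ipaddress.ip_network(subnet)
    if not peer_inside_subnet(host, subnet):
        return [net]  # nothing to carve out
    hole = ipaddress.ip_network(f"{host}/{net.max_prefixlen}")
    # address_exclude() yields the sibling block at every prefix length
    # between the subnet and the excluded host (none if they are equal).
    return sorted(net.address_exclude(hole))


if __name__ == "__main__":
    # Constructed sample values standing in for the masked ones in the post.
    gateway = "10.20.30.40"
    remote = "10.0.0.0/8"

    if peer_inside_subnet(gateway, remote):
        print(f"{gateway} is inside {remote}: traffic to the gateway "
              "itself would match the tunnel policy")

    blocks = subnet_without_host(remote, gateway)
    print(f"{remote} without {gateway} is {len(blocks)} CIDR blocks:")
    for block in blocks:
        print(f"  {block}")
```
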