[Openswan Users] SOLVED (partially): VPN client IP addressing configuration issues
Rolando Zappacosta
zappacor at yahoo.com.ar
Tue Sep 9 05:06:28 EDT 2008
> > However, most of the hosts I need to reach are on the AAA.0.0.0/8 but if I configure:
> >     right=AAA.BBB.CCC.DDD
> >     rightsubnet=AAA.0.0.0/8
> > I lose all the connectivity as I lose the reachability of the GW itself.
> >
> > How can I deal with this?
> > Can I add a whole subnet with the exception of a single host (the GW)?
>
> Add a 'passthrough' connection. See
> /etc/ipsec.d/examples/passthrough.conf

Hi Paul,
could find some info after several hours of surfing and blind-trying and... succeeded!!!!!!!!!
This is how my ipsec.conf looks now:

version 2.0

config setup

conn Intranet
    aggrmode=yes
    ike=3des-sha1-modp1024
    authby=secret
    pfs=no
    left=%defaultroute
    leftxauthclient=yes
    leftmodecfgclient=yes
    modecfgpull=yes
    right=AAA.BBB.CCC.DDD
    rightsubnet=AAA.0.0.0/8
    auto=add

include /etc/ipsec/ipsec.d/examples/no_oe.conf

conn passthrough
    left=%defaultroute
    leftnexthop=192.168.1.1
    right=AAA.BBB.CCC.DDD
    rightsubnet=AAA.BBB.CCC.DDD/32
    type=passthrough
    authby=never
    auto=route

So, the only routing pending point now is how can I get rid of:
    leftnexthop=192.168.1.1
in a way it gets automatically configured? (It depends on whether I access the Internet through my 3G USB device or my WLAN, in which case it also depends on where...)
Regards and thank you all for helping me with all this,
Rolando
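
Added example (not part of the original message and not Openswan code): a small Python check for the situation in this thread, where a conn's rightsubnet contains its own gateway address and a passthrough conn has to exempt it. The address 10.1.2.3 is a constructed stand-in for the masked AAA.BBB.CCC.DDD, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: 10.1.2.3 stands in for the masked gateway AAA.BBB.CCC.DDD.
SAMPLE = """\
conn Intranet
    right=10.1.2.3
    rightsubnet=10.0.0.0/8

conn passthrough
    right=10.1.2.3
    rightsubnet=10.1.2.3/32
    type=passthrough
"""

def parse_conns(text):
    """Return {conn name: {key: value}}; ipsec.conf sections start at column 0."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():                 # new section: conn, config, include...
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def _parse(fn, value, **kw):
    """Parse an address or network; None for %any, hostnames or a missing value."""
    try:
        return fn(value, **kw)
    except ValueError:
        return None

def uncovered_gateways(text):
    """Tunnel conns whose rightsubnet holds their own gateway with no passthrough for it."""
    conns = parse_conns(text)
    subnet = lambda c: _parse(ipaddress.ip_network, c.get("rightsubnet", ""), strict=False)
    exempt = [n for n in (subnet(c) for c in conns.values()
                          if c.get("type") == "passthrough") if n is not None]
    bad = []
    for name, c in conns.items():
        gw, net = _parse(ipaddress.ip_address, c.get("right", "")), subnet(c)
        if (c.get("type", "tunnel") == "tunnel" and gw is not None and net is not None
                and gw in net and not any(gw in e for e in exempt)):
            bad.append(name)
    return bad
```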