[Openswan Users] Multiple subnets through 1 tunnel
Paul Wouters
paul at xelerance.com
Tue Sep 9 11:45:43 EDT 2008
On Tue, 9 Sep 2008, Peter McGill wrote:
> Openswan does not allow you to route traffic into the tunnel.
Rather, IPsec does not allow packets through without a valid IPsec policy.
IPsec is not a virtual ethernet card - You cannot route --add to it.
> Note with new versions, I believe 2.6.x you can add multiple subnets
> in a single conn definition with rightsubnets="192.168.2.0/24, 172.16.2.0/24".
> However I am not sure if this produces a single tunnel or still multiple
> tunnels (one per subnet).
It will re-use the phase1, and set up new phase2 connections. It will do
so by trying out all combinations of the entries in leftsubnets= and
rightsubnets=. So if you have 3 entries in one, and 2 entries in the other,
then openswan attempts to set up 6 subnet tunnels.
Paul
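
Added example, not part of the original message and not Openswan code: a short Python sketch of the expansion described above, listing every left/right subnet pair and checking whether a given packet falls under one of them. The three left subnets, the conn name `branch` and the function names are constructed for illustration; the two right subnets are the ones quoted in the thread.

```python
import ipaddress
import itertools
import re


def parse_subnets(value):
    """Parse a leftsubnets=/rightsubnets= value into validated networks.

    Handles the comma-separated form quoted in the thread; tolerating braces
    and whitespace separators is an assumption of this example.
    """
    items = [s for s in re.split(r'[,\s{}"]+', value) if s]
    # strict=True rejects entries with host bits set, e.g. 192.168.2.1/24
    return [ipaddress.ip_network(s, strict=True) for s in items]


def expand(leftsubnets, rightsubnets):
    """Every (left, right) combination: one phase 2 tunnel per pair."""
    return list(itertools.product(parse_subnets(leftsubnets),
                                  parse_subnets(rightsubnets)))


def matching_policy(pairs, src, dst):
    """Return the pair covering src -> dst, or None if no policy matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for left, right in pairs:
        if s in left and d in right:
            return (left, right)
    return None  # no IPsec policy: adding a route will not make this flow


def as_conns(name, pairs):
    """Render each pair as a single-subnet stanza (names are hypothetical)."""
    return "\n\n".join(
        f"conn {name}-{i}\n\tleftsubnet={l}\n\trightsubnet={r}"
        for i, (l, r) in enumerate(pairs, 1))


# Constructed sample: three left subnets, two right subnets from the thread.
LEFT = "10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24"
RIGHT = "192.168.2.0/24, 172.16.2.0/24"

if __name__ == "__main__":
    pairs = expand(LEFT, RIGHT)
    print(f"{len(pairs)} phase 2 tunnels over one phase 1")
    print(as_conns("branch", pairs))
    print(matching_policy(pairs, "10.0.2.5", "172.16.2.9"))
    print(matching_policy(pairs, "10.0.4.5", "172.16.2.9"))
```
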