[Openswan Users] Repost: Rightsubnetwithin problem
Paul Wouters
paul at xelerance.com
Fri Sep 19 18:31:53 EDT 2008
On Fri, 19 Sep 2008, List Receiver wrote:
> leftsubnet=192.168.13.0/24
> SA is accepted by OpenSwan if the OpenSwan configuration is changed to:
>
> #rightsubnetwithin=192.168.248.0/24
> rightsubnet=192.168.248.35/32
>
> Now, I'm no whiz at subnetting, but I'm positive that 192.168.248.35/32 is inside 192.168.248.0/24. Why does OpenSwan refuse the SA incorrectly?
Don't use rightsubnetwithin. It is leftover code that we don't really test
anymore. Instead, you should use virtual_private= and the vhost syntax, e.g.:
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.13.0/24
        [...]

conn yourconn
        rightsubnet=vhost:%priv,%no
        [...]
Paul
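
Added example, not part of the original message and not Openswan's own code: a small Python check that parses a virtual_private= value, reports entries with a malformed prefix, and tests whether a client subnet proposed by a peer would fall inside the allowed ranges. It assumes virtual_private is an allow list in which "!" entries are exclusions, and it treats any overlap with an exclusion as a rejection; the function names are hypothetical.

```python
import ipaddress

# Value taken from the config in the message above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,"
                   "%v4:172.16.0.0/12,%v4:!192.168.13.0/24")


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded, malformed)."""
    allowed, excluded, malformed = [], [], []
    for entry in (e.strip() for e in value.split(",")):
        prefix, sep, net = entry.partition(":")
        if not sep or prefix not in ("%v4", "%v6"):
            malformed.append(entry)      # e.g. "%4:..." instead of "%v4:..."
            continue
        negate = net.startswith("!")
        try:
            network = ipaddress.ip_network(net.lstrip("!"), strict=True)
        except ValueError:
            malformed.append(entry)      # not a CIDR, or host bits set
            continue
        if (prefix == "%v4") != (network.version == 4):
            malformed.append(entry)      # address family does not match prefix
            continue
        (excluded if negate else allowed).append(network)
    return allowed, excluded, malformed


def client_subnet_permitted(proposed, allowed, excluded):
    """True if the proposed subnet is inside an allowed range and touches no exclusion."""
    net = ipaddress.ip_network(proposed, strict=True)
    same_family = lambda other: other.version == net.version
    # Assumption: any overlap with a "!" range (the gateway's own LAN) is refused.
    if any(same_family(x) and net.overlaps(x) for x in excluded):
        return False
    return any(same_family(a) and net.subnet_of(a) for a in allowed)


if __name__ == "__main__":
    allowed, excluded, malformed = parse_virtual_private(VIRTUAL_PRIVATE)
    print("malformed entries:", malformed)
    # Constructed sample proposals: the client from the question, a host on
    # the excluded leftsubnet, and a public address.
    for proposal in ("192.168.248.35/32", "192.168.13.7/32", "8.8.8.8/32"):
        print(proposal, client_subnet_permitted(proposal, allowed, excluded))
```
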