[Openswan Users] one VPN tunnel to multiple subnets
Paul Wouters
paul at xelerance.com
Fri Apr 24 17:16:43 EDT 2009
On Fri, 24 Apr 2009, Sven J. van Rooij wrote:
> x.x.221.0/0.0.0.255
> x.x.196.0/0.0.0.255
> x.x.198.0/0.0.0.255
> I need the traffic for these networks ALL to go through the same tunnel.
That is wrong. It is not possible with IPsec. What you mean is that you will
have 1 phase 1 (IKE) tunnel and 3 phase 2 (IPsec) tunnels.
> This is the one tunnel that works… how do I get the other networks to work as well??
Copy the conn, rename it and change the rightsubnet=
Openswan will re-use existing phase 1 (IKE) where possible.
never versions of openswan allow you to use rightsubnets="1.2.3.0/xx, 2.3.4.0/xx"
Paul
More information about the Users
mailing list