[Openswan Users] Is there a way to exclude subsets of a super net when defined as the right or left subnet?
Robyn Orosz
rorosz at gmail.com
Fri Dec 18 17:45:39 EST 2009
Hi Everyone,
I need connect to a device that is attached to several remote networks
within the 10.0.0.0/8 range. Rather than creating several tunnels I just
summarized the remote subnet as 10.0.0.0/8. The problem is that this
includes my own local subnet so when locally connected hosts attempt to
access the VPN device at 10.11.11.1, they are unable to as it appears that
this traffic gets redirected onto the tunnel.
I've seen other similar posts but no responses. So, I am wondering whether
or not there is an option to exclude a range of addresses from the
right/leftsubnet.
conn tunnel-1
left=172.16.1.2
right=192.168.1.2
leftsubnet=10.11.11.0/24
rightsubnet=10.0.0.0/8 -----> want to exclude 10.11.11.0/24 from
this
ike=aes128-sha1
ikelifetime=28800s
aggrmode=no
esp=aes128-sha1
keylife=3600s
rekeymargin=540s
type=tunnel
pfs=yes
compress=no
authby=secret
auto=start
Thanks!
Robyn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091218/df264d95/attachment.html
More information about the Users
mailing list