[Openswan Users] Is there a way to exclude subsets of a super net when defined as the right or left subnet?
Paul Wouters
paul at xelerance.com
Sat Dec 19 13:31:01 EST 2009
On Fri, 18 Dec 2009, Robyn Orosz wrote:
> I need to connect to a device that is attached to several remote networks within the 10.0.0.0/8 range. Rather
> than creating several tunnels I just summarized the remote subnet as 10.0.0.0/8. The problem is that this
> includes my own local subnet so when locally connected hosts attempt to access the VPN device at 10.11.11.1,
> they are unable to as it appears that this traffic gets redirected onto the tunnel.
It's a problem with NETKEY only, not KLIPS. On NETKEY you need to add a "passthrough"
for anything that is local:
# my local range is 10.10.10.0/24
conn pass-local
    left=yourip
    leftsubnet=10.0.0.0/24
    right=0.0.0.0
    rightsubnet=10.0.0.0/24
    authby=never
    type=passthrough
    auto=route
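
Added example, not part of the original post or of Openswan: a small Python check that finds local subnets swallowed by a summarized tunnel subnet and renders a passthrough conn with the same keys as the stanza above. The function names, the conn name and the addresses 10.11.11.0/24, 192.168.50.0/24 and 192.0.2.10 are constructed sample values.

```python
import ipaddress


def shadowed_local_subnets(local_subnets, tunnel_remote_subnets):
    """Return (local, remote) pairs where a tunnel's remote subnet overlaps a local one.

    Any such pair means locally destined traffic matches the tunnel policy on
    NETKEY and needs a passthrough conn.
    """
    hits = []
    for local in local_subnets:
        lnet = ipaddress.ip_network(local)  # ValueError on typos such as "10.0.0.0./24"
        for remote in tunnel_remote_subnets:
            rnet = ipaddress.ip_network(remote)
            if lnet.version == rnet.version and lnet.overlaps(rnet):
                hits.append((str(lnet), str(rnet)))
    return hits


def passthrough_conn(name, left_ip, local_subnet):
    """Render a passthrough conn for one local subnet, mirroring the post's keys."""
    net = ipaddress.ip_network(local_subnet)  # strict: rejects host bits and bad syntax
    ipaddress.ip_address(left_ip)             # validate the local address as well
    return "\n".join([
        f"# local range is {net}",
        f"conn {name}",
        f"    left={left_ip}",
        f"    leftsubnet={net}",
        "    right=0.0.0.0",
        f"    rightsubnet={net}",
        "    authby=never",
        "    type=passthrough",
        "    auto=route",
    ])


if __name__ == "__main__":
    # Constructed sample: one local LAN, one summarized tunnel, one unrelated tunnel.
    local = ["10.11.11.0/24"]
    tunnels = ["10.0.0.0/8", "192.168.50.0/24"]
    for i, (lnet, rnet) in enumerate(shadowed_local_subnets(local, tunnels)):
        print(f"# {lnet} is covered by tunnel subnet {rnet}")
        print(passthrough_conn(f"pass-local-{i}", "192.0.2.10", lnet))
```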