[Openswan Users] IPSec net-to-net with multiple subnets
Peter McGill
petermcgill at goco.net
Thu Jul 23 10:22:09 EDT 2009
It's very simple. Simply copy the conn definition and change the conn name and rightsubnet values.
Or if you want to get fancy... (This is how I do it)
conn main
    left=...
    right=...
    leftsubnet=...
    # all other connection details except rightsubnet and auto

conn subnet1
    also=main
    rightsubnet=...
    auto=...

conn subnet2
    also=main
    rightsubnet=...
    auto=...

Note: The reason 192.168.0.0/19 doesn't work is that it's not set up as a subnet on the Vigor.
Each IPSec subnet must be defined and identical on both sides of the connection to work.
This is an IPSec requirement regardless of what vendor/equipment you use.
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Youri Matthys
> Sent: July 23, 2009 9:50 AM
> To: Users at openswan.org
> Subject: [Openswan Users] IPSec net-to-net with multiple subnets
>
> Hi all,
>
> I have a small problem configuring my remote network.
>
> At this time I have following configuration working:
>
> home network --------- Openswan ------- adsl router =======
> vigor vpn ------- office network 24bit
>
> The problem is that behind the office network we have
> multiple other subnets. In theory I could just connect with
> rightsubnet 192.168.0.0/19 but the Vigor does not accept this
> configuration. Is there any workaround on how I could access
> the other office subnets without resorting to PPTP?
>
> I was looking into l2tp/ipsec because the Vigor supports this
> too, but I'm not positive that this will solve my issue.
>
> Regards, Youri
>
>
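
Added example (not part of the original post and not Openswan code): a Python check of the two points made in the reply above, that also= lets several conns share one base section and that each rightsubnet must be identical to a subnet defined on the peer, not merely cover it. The addresses, the conn name "supernet" and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in ipsec.conf syntax; all addresses are illustrative.
SAMPLE_CONF = """\
conn main
    leftsubnet=10.0.0.0/24
    # left=, right= and the other shared parameters are omitted here
conn subnet1
    also=main
    rightsubnet=192.168.0.0/24
    auto=start
conn supernet
    also=main
    rightsubnet=192.168.0.0/19
    auto=start
"""

def parse_conns(text):
    """Return {conn name: {parameter: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Expand also= recursively (simplification: a conn's own value is kept on a duplicate key)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    base = resolve(conns, own.pop("also"), seen + (name,)) if "also" in own else {}
    return {**base, **own}

def check_selectors(text, peer_subnets):
    """Classify each conn's rightsubnet against the subnets defined on the peer."""
    conns = parse_conns(text)
    peer = [ipaddress.ip_network(s) for s in peer_subnets]
    result = {}
    for name in conns:
        conn = resolve(conns, name)
        if "rightsubnet" in conn:  # skips template sections such as "main"
            net = ipaddress.ip_network(conn["rightsubnet"])
            covers = any(p.subnet_of(net) for p in peer)  # supernet of a peer subnet
            result[name] = "match" if net in peer else "covers-only" if covers else "unknown"
    return result
```

A "covers-only" result is the /19 case from the thread: the range contains the peer's subnets but is not itself defined on the peer.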