[Openswan Users] Multiple destination subnets
George Alexander
alexanderthegeorge at gmail.com
Fri Apr 30 14:03:42 EDT 2010
You just have to make two tunnels, or tell them to nat once the packets
arrive on their side.
Like so:

conn organizationx-intranet-server
    # pull in the shared settings from conn organizationx below
    also=organizationx
    rightsubnet=10.98.98.30/32

conn organizationx-as400
    also=organizationx
    rightsubnet=10.1.2.13/32

# settings common to both tunnels
conn organizationx
    type=tunnel
    auto=add
    auth=esp
    pfs=no
    authby=secret
    keyingtries=0
    left=EXTERNAL.IP
    leftsubnet=172.25.25.2/32
    right=EXTERNAL.IP
    aggrmode=no
    esp=3des-sha1
    keyexchange=ike
    ike=3des-sha1-modp1024
    keylife=28800
    ikelifetime=86400

then

    ipsec auto --add organizationx-intranet-server
    ipsec auto --add organizationx-as400

And now you've got 2 tunnels...

On Fri, Apr 30, 2010 at 9:07 AM, Perry, Michael <mperry at telegenuk.com> wrote:
> How do I configure Openswan to permit access from a destination network
> with multiple subnets. Since one is in the 10.x range and the other is in
> the 192.x range wouldn’t the only shared subnet be the whole internet?
>
> I tried configuring multiple subnets in the rightsubnet= section which
> raised errors so I tried creating two separate connections. This looked
> promising as [service ipsec status] reported two tunnels, however when the
> destination network made any connection attempts it could not locate a
> policy to match against.
>
> What seemed to happen was that it would try to match to the first
> connection only.
>
> Thanks, Mike.
>
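
Added example, not part of either message above: a small Python check that parses conn sections, follows also=, and reports the subnet pair each tunnel would carry. It flags an also= that names no conn and a rightsubnet= holding more than one network (the error Mike describes). The sample config, the conn names dangling and two-subnets, and the rule that a conn's own keys win over inherited ones are assumptions of this example.

```python
import ipaddress
SAMPLE = """\
conn organizationx-intranet-server
    also=organizationx
    rightsubnet=10.98.98.30/32
conn organizationx-as400
    also=organizationx
    rightsubnet=10.1.2.13/32
conn organizationx
    leftsubnet=172.25.25.2/32
conn dangling
    also=mcmc
conn two-subnets
    also=organizationx
    rightsubnet=10.98.98.30/32 192.168.5.0/24
"""  # constructed sample: the thread's layout plus two deliberately broken conns

def parse_conns(text):
    """Map each conn name to the key=value pairs on its indented lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if line and not line[0].isspace():        # unindented line opens a section
            current = conns.setdefault(line[5:].strip(), {}) if line.startswith("conn ") else None
        elif line and current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Merge settings along also= (assumption: the conn's own keys win)."""
    if name in seen or name not in conns:
        raise ValueError(f"also={name} names no conn in this file (or loops)")
    own = dict(conns[name])
    parent = own.pop("also", None)
    return {**(effective(conns, parent, seen + (name,)) if parent else {}), **own}

def check(text):
    """Return ({conn: (leftsubnet, rightsubnet)}, {conn: why it cannot load})."""
    conns, tunnels, problems = parse_conns(text), {}, {}
    for name in conns:
        try:
            eff = effective(conns, name)
            nets = [str(ipaddress.ip_network(eff[s], strict=False))  # one CIDR only
                    for s in ("leftsubnet", "rightsubnet") if s in eff]
            if len(nets) == 2:                    # template conns have no pair
                tunnels[name] = tuple(nets)
        except ValueError as exc:
            problems[name] = str(exc)
    return tunnels, problems
```

Calling check(SAMPLE) returns the two tunnels with their subnet pairs and lists dangling and two-subnets as problems.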