[Openswan Users] Multiple destination subnets

George Alexander alexanderthegeorge at gmail.com
Fri Apr 30 14:05:00 EDT 2010


heh woops, those also's should be =organizationx

On Fri, Apr 30, 2010 at 1:03 PM, George Alexander <
alexanderthegeorge at gmail.com> wrote:

> You just have to make two tunnels, or tell them to nat once the packets
> arrive on their side.
> Like so:
>
> conn organizationx-intranet-server
>      also=mcmc
>      rightsubnet=10.98.98.30/32
>
> conn organizationx-as400
>      also=mcmc
>      rightsubnet=10.1.2.13/32
>
> conn organizationx
>      type=tunnel
>      auto=add
>      auth=esp
>      pfs=no
>      authby=secret
>      keyingtries=0
>      left=EXTERNAL.IP
>      leftsubnet=172.25.25.2/32
>      right=EXTERNAL.IP
>      aggrmode=no
>      esp=3des-sha1
>      keyexchange=ike
>      ike=3des-sha1-modp1024
>      keylife=28800
>      ikelifetime=86400
>
>
> then
> ipsec auto --add organizationx-intranet-server
> ipsec auto --add organizationx-as400
>
> And now you've got 2 tunnels...
>
> On Fri, Apr 30, 2010 at 9:07 AM, Perry, Michael <mperry at telegenuk.com> wrote:
>
>>  How do I configure Openswan to permit access from a destination network
>> with multiple subnets? Since one is in the 10.x range and the other is in
>> the 192.x range wouldn’t the only shared subnet be the whole internet?
>>
>>
>>
>> I tried configuring multiple subnets in the rightsubnet= section which
>> raised errors so I tried creating two separate connections. This looked
>> promising as [service ipsec status] reported two tunnels, however when the
>> destination network made any connection attempts it could not locate a
>> policy to match against.
>>
>>
>>
>> What seemed to happen was that it would try to match to the first
>> connection only.
>>
>>
>>
>> Thanks, Mike.
>
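
An added example, not part of the original thread and not Openswan code: a small Python check that expands `also=` references in ipsec.conf-style `conn` sections and reports a reference to a section that does not exist, which is the slip corrected at the top of this message. The function names are hypothetical, the config is trimmed to a few keys from the thread, and letting a conn's own settings override those pulled in through `also=` is a simplifying assumption.

```python
# Config as posted in the thread (trimmed to a few keys); also=mcmc is dangling.
AS_POSTED = """\
conn organizationx-intranet-server
     also=mcmc
     rightsubnet=10.98.98.30/32
conn organizationx-as400
     also=mcmc
     rightsubnet=10.1.2.13/32
conn organizationx
     authby=secret
     leftsubnet=172.25.25.2/32
"""
CORRECTED = AS_POSTED.replace("also=mcmc", "also=organizationx")

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} from ipsec.conf-style text."""
    conns, current = {}, None
    for line in (raw.split("#", 1)[0].rstrip() for raw in text.splitlines()):
        if not line.strip():
            continue
        if not line[0].isspace():          # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def resolve(conns, name, seen=()):
    """Effective settings for one conn; raises on a dangling or looping also=."""
    if name not in conns:
        raise KeyError(f"also={name}: no such conn")
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    merged = {}
    for key, value in conns[name]:
        if key == "also":                  # pull in the referenced section
            merged = {**resolve(conns, value, seen + (name,)), **merged}
    merged.update((k, v) for k, v in conns[name] if k != "also")
    return merged

def check(text):
    """Map each conn to its resolved settings, or to an error string."""
    conns, out = parse_conns(text), {}
    for name in conns:
        try:
            out[name] = resolve(conns, name)
        except (KeyError, ValueError) as exc:
            out[name] = f"error: {exc.args[0]}"
    return out
```

Calling `check(AS_POSTED)` reports both per-host conns as errors, while `check(CORRECTED)` shows each one inheriting the shared settings and differing only in `rightsubnet`.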