[Openswan Users] rightsubnetwithin broken in 2.6.31 ?
Francis GASCHET
fg at numlog.fr
Fri Dec 17 13:27:22 EST 2010
Hello,
Thank you Paul, it works with rightsubnet=vhost:%priv
Best regards,
--
Francis GASCHET / NUMLOG
http://www.numlog.fr
Tel.: +33 (0) 130 791 616
Fax.: +33 (0) 130 819 286
Le 12/16/2010 06:43 PM Paul Wouters a écrit :
> On Thu, 16 Dec 2010, Francis GASCHET wrote:
>
>> It looks broken in 2.6.31 : even if the peer presents its /32 subnet,
>> OpenSwan replaces it with the peer's public address. The eroute is
>> established this way...
>
> subnetwithin= is not really supported. We've been planning to remove
> it but
> I believe there are one or two corner cases that uses it.
>
>> If I replace the "rightsubnetwithin" with a "rightsubnet=x.x.x.x/32",
>> everything looks fine... But I've to create a connection description for
>> each road warrior!
>
> virtual_private= together with rightsubnet=vhost:%priv should do that
> too?
>
> Paul
>
>
More information about the Users
mailing list