[Openswan Users] vpn site to site for list of ip's
Paul Wouters
paul at xelerance.com
Thu Sep 9 22:50:18 EDT 2010
On Thu, 9 Sep 2010, Daniel Pezoa wrote:
> I have been making a configuration for site to site vpn with the following
> alternate configurations (I have tried one at a time):
>
> 1.- Old style
>
> conn xxx_yyy1
> leftsubnets={172.16.56.29/32}
Can you try writing that as a single, e.g. leftsubnet=172.16.56.29/32
> also=xxx_yyy_base
> conn xxx_yyy2
> leftsubnets={172.16.56.158/32}
and leftsubnet=172.16.56.158/32
> also=xxx_yyy_base
> conn xxx_yyy_base
> type=tunnel
> left=xxx.xxx.xxx.xxx
> right=yyy.yyy.yyy.yyy
> rightsubnets={192.168.100.0/24}
and rightsubnet=192.168.100.0/24
> authby=secret
> ike="3des-sha1-modp1024"
> ikelifetime=24h
> phase2alg="3des-sha1;modp1024"
> salifetime=1h
> pfs=no
> auto=start
And see if that makes it work?
> 2.- New style
>
> conn xxx_yyy2
> type=tunnel
> left=xxx.xxx.xxx.xxx
> leftsubnets={172.16.56.158/32,172.16.56.29/32}
> right=yyy.yyy.yyy.yyy
> rightsubnets={192.168.100.0/24}
> authby=secret
> ike="3des-sha1-modp1024"
> ikelifetime=24h
> phase2alg="3des-sha1;modp1024"
> salifetime=1h
> pfs=no
> auto=start
>
> the problem I have is the following: the vpn can be established and works, but
> only for one of the two destination IPs, the last one; if I change the order the
> other IP is the one that works. The question is how I put a list of IP
> destinations for site to site vpn; can anyone help me with that trouble?
That might be a bug in the remote end's implementation or configuration then,
especially if my suggestion above does not work.
Paul
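
The rewrite suggested in this reply (singular leftsubnet=/rightsubnet= in place of the plural lists), done mechanically for every subnet pair; this is an added example, not part of the original message and not Openswan code. The endpoint addresses are documentation-range placeholders for the masked ones, the `_N` and `_base` conn names are made up here, and auto= is placed on the per-pair conns so the base section serves only as a template.

```python
import ipaddress
import itertools
import re

# Constructed sample: the "new style" conn from the thread, with documentation
# addresses standing in for the masked left/right endpoints.
SAMPLE_CONN = """\
conn xxx_yyy2
    type=tunnel
    left=192.0.2.1
    leftsubnets={172.16.56.158/32,172.16.56.29/32}
    right=198.51.100.1
    rightsubnets={192.168.100.0/24}
    authby=secret
    auto=start
"""

def parse_subnets(value):
    """Split a {a,b} or {a b} list; reject entries that are not valid CIDR."""
    items = [s for s in re.split(r"[,\s]+", value.strip().strip("{}")) if s]
    return [str(ipaddress.ip_network(s)) for s in items]

def expand_conn(text):
    """Rewrite one conn so each subnet pair becomes its own singular conn."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    name = lines[0].split()[1]
    shared, auto, plural = [], [], {"leftsubnets": [], "rightsubnets": []}
    for line in lines[1:]:
        key, _, val = line.partition("=")
        key = key.strip()
        if key in plural:
            plural[key] = parse_subnets(val)
        elif key == "auto":
            auto.append(line)  # kept on the per-pair conns, not the template
        else:
            shared.append(line)
    out = []
    pairs = itertools.product(plural["leftsubnets"], plural["rightsubnets"])
    for i, (lnet, rnet) in enumerate(pairs, start=1):
        out += [f"conn {name}_{i}", f"    leftsubnet={lnet}", f"    rightsubnet={rnet}"]
        out += [f"    {a}" for a in auto] + [f"    also={name}_base", ""]
    out += [f"conn {name}_base"] + [f"    {opt}" for opt in shared]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(expand_conn(SAMPLE_CONN))
```

Each generated conn negotiates its own phase 2 SA for one subnet pair, so `ipsec auto --status` on the local side shows which pair the remote end refuses.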