[Openswan Users] How to apply the policy on a interface?
Diego Woitasen
diego at woitasen.com.ar
Wed Aug 31 15:12:03 EDT 2011
Hi,
I have an IPSEC setup between two Linux gateways. It's working fine
except for one thing. I have the subnet 10.12.160.0/24 in one side and
10.0.0.0/8 on the other side (the headquarters, with several subnets).
Because I have leftsubnet=10.12.160.0/24 and rightsubnet=10.0.0.0/8 in
the one of the sides the SPD has the following entries:
src 10.12.160.0/24 dst 10.0.0.0/8
.....
src 10.0.0.0/8 dst 10.12.160.0/24
.....
src 10.0.0.0/8 dst 10.12.160.0/24
.....
If I ping from a host in the subnet 10.12.160.0/24 to the gateway, I
get no reply. That's clear for me because the policy says that
security is required for anything that match
10.0.0.0/8<->10.12.126.0/24. To proof this, I get the ping working
with this lines:
ip xfrm policy add dir in src 10.12.160.0/24 dst 10.12.160.0/24 action allow
ip xfrm policy add dir out src 10.12.160.0/24 dst 10.12.160.0/24 action allow
Now, my question is... is it possible to configure Openswan in a way
that the policy created after the SAs uses the interface as selector?
Regards,
Diego
--
Diego Woitasen
More information about the Users
mailing list