[Openswan Users] Is rightsubnet always required for subnet-subnet connections?
Kevin Locke
kevin at kevinlocke.name
Sat Mar 12 19:21:02 EST 2011
On Sat, 2011-03-12 at 18:30 -0500, Paul Wouters wrote:
> On Fri, 11 Mar 2011, Kevin Locke wrote:
>> I would like to remove the rightsubnet= parameter from
>> testconn-central so that I would not have to update the configuration
>> any time a guest network is added/removed/changed. However, if I do,
>> the connection fails in STATE_MAIN_R3/STATE_QUICK_I1 with the
>> following message on the central server:
>
> Use:
>
> rightsubnet=vnet:%priv
>
> Then you can have one (or more) subnets. As long as they appear in virtual_private=,
> they are allowed. It is dangerous to allow ANY subnet, but if you want to do that,
> you can add 0/0 to virtual private.
rightsubnet=vnet:%priv is exactly what I was looking for. Thanks!

Did I overlook this in one of the man pages, or is it undocumented
(and, if so, would you like a patch to document it)?
--
Cheers, | kevin at kevinlocke.name | JIM: kevinoid at jabber.org
Kevin | http://kevinlocke.name | IRC: kevinoid on freenode
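
An added example, not part of the original thread and not Openswan code: a small checker for the trade-off Paul describes, reporting which peer-proposed subnets a given virtual_private= value would admit under rightsubnet=vnet:%priv and flagging a catch-all entry. It assumes the `%v4:`/`%v6:` entry syntax with `!` exclusions from ipsec.conf(5); the acceptance rule (inside an allowed net and not inside an excluded one) is a simplified model, and the sample values and function names are constructed.

```python
import ipaddress


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        family, sep, net = entry.partition(":")
        if not sep or family not in ("%v4", "%v6"):
            raise ValueError(f"unrecognised virtual_private entry: {entry!r}")
        target = excluded if net.startswith("!") else allowed
        network = ipaddress.ip_network(net.lstrip("!"), strict=False)
        if network.version != int(family[2]):
            raise ValueError(f"address family mismatch in entry: {entry!r}")
        target.append(network)
    return allowed, excluded


def _within(subnet, nets):
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return any(subnet.version == n.version and subnet.subnet_of(n) for n in nets)


def peer_subnet_accepted(value, proposed):
    """Model: accepted if inside an allowed net and not inside an excluded one."""
    allowed, excluded = parse_virtual_private(value)
    subnet = ipaddress.ip_network(proposed, strict=False)
    return _within(subnet, allowed) and not _within(subnet, excluded)


def catch_all_entries(value):
    """Return allowed entries that admit ANY subnet (prefix length 0)."""
    allowed, _ = parse_virtual_private(value)
    return [str(n) for n in allowed if n.prefixlen == 0]


# Constructed sample values for illustration.
RESTRICTED = "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!192.168.1.0/24"
WIDE_OPEN = "%v4:0.0.0.0/0"

if __name__ == "__main__":
    for name, value in (("restricted", RESTRICTED), ("wide open", WIDE_OPEN)):
        print(name, "catch-all entries:", catch_all_entries(value))
        for proposed in ("10.20.30.0/24", "192.168.1.0/24", "8.8.8.0/24"):
            print("  ", proposed, "->", peer_subnet_accepted(value, proposed))
```

With the restricted list, only the RFC 1918 guest networks pass; with the catch-all entry, a peer could claim any subnet, including public address space.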