[Openswan Users] single ip not a subnet for leftsubnet
Tuomo Soini
tis at foobar.fi
Thu Apr 5 04:02:42 EDT 2012
On Thu, 05 Apr 2012 08:50:33 +0100
Alex Crow <acrow at integrafin.co.uk> wrote:
> > How would I specify a single ip address using openswan for the
> > NETKEYS routing?
> >
> > This is something I cannot budge on.
> >
> > I tried this but it doesn't seam to work.
> > leftsubnet = x.x.x.x1/32
> >
>
> If the IP addresses are going to be IPSEC endpoints, you can just
> leave out the "leftsubnet" line.
This might be the only way to support host while I'm not sure. Openswan
doesn't support host at all - it only supports subnet. Only
implementation I know which does use host is Checkpoint. There is ne
idea in "host" because "host/32" is exactly same so host option is
completely redundant.
> However I find it suprising that specifying a /32 doesn't work. It's
> a perfectly valid way of writing it.
It's not the same thing if remote ipsec actually wants host.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Users
mailing list