[Openswan Users] overlapping left/right networks

Neal Murphy neal.p.murphy at alum.wpi.edu
Thu Dec 4 14:14:06 EST 2014


On Thursday, December 04, 2014 08:04:15 AM Dmitry Chirikov wrote:
> I am new in OpenSwan and ipsec, so please guide me carefully :)
> 
> My local network is 10.12.3.0/24. I need to get access to
> networks: 10.12.0.{0,1,2}/24
> My "right" side owns some Cisco device and playing some kind of "hub" role
> asks me to set:
>         leftsubnet=10.12.3.0/24
>         rightsubnet=10.12.0.0/16
> If I am setting it that way I am immediately losing the connection to my
> local 3.0/24 network peers, and that looks obvious to me, because AFAIK,
> routing decision goes after encryption. Mediation to tcpdump, iptables
> counters and ip xfrm monitor outputs confirm my suggestions.
> 
> Can I tune my ipsec configuration somehow to fix it?

You should be able to specify
    rightsubnets={10.12.0.0/24,10.12.1.0/24,10.12.2.0/24}
or something much like that (I forget the correct syntax).
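
An added example, not part of either message: a check for the overlap described in this thread, using Python's `ipaddress` module. The function names are hypothetical; the networks are the ones quoted above, with the three /24s taken from the reply.

```python
import ipaddress


def conflicts(left, rights):
    """Return the remote selectors that share addresses with the local subnet."""
    local = ipaddress.ip_network(left)
    return [r for r in rights if ipaddress.ip_network(r).overlaps(local)]


def remote_without_local(left, right):
    """Split `right` into the fewest CIDR blocks that leave out `left`."""
    local = ipaddress.ip_network(left)
    remote = ipaddress.ip_network(right)
    if not remote.overlaps(local):
        return [str(remote)]          # nothing to carve out
    if remote.subnet_of(local):
        return []                     # remote lies entirely inside local
    # Two CIDR blocks overlap only when one contains the other, so at this
    # point `local` is a strict subnet of `remote`.
    return [str(n) for n in sorted(remote.address_exclude(local))]


# Values taken from the thread.
LEFT = "10.12.3.0/24"
HUB_PROPOSAL = ["10.12.0.0/16"]
REPLY_PROPOSAL = ["10.12.0.0/24", "10.12.1.0/24", "10.12.2.0/24"]

if __name__ == "__main__":
    print("hub proposal conflicts:  ", conflicts(LEFT, HUB_PROPOSAL))
    print("reply proposal conflicts:", conflicts(LEFT, REPLY_PROPOSAL))
    print("10.12.0.0/16 minus local:", remote_without_local(LEFT, HUB_PROPOSAL[0]))
```

The /16 is flagged because it contains the local /24, while the three /24s are not. Whichever narrower list is used, the peer has to be configured with the same network pairs for the tunnels to come up.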

