[Openswan Users] overlapping left/right networks
Neal Murphy
neal.p.murphy at alum.wpi.edu
Thu Dec 4 17:00:22 EST 2014
On Thursday, December 04, 2014 04:31:59 PM Dmitry Chirikov wrote:
> For some reason, I can't:
> 000 "CONN/0x1": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.0.0/24; unrouted; eroute owner: #0
> 000 "CONN/0x2": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.1.0/24; unrouted; eroute owner: #0
> 000 "CONN/0x3": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.2.0/24; unrouted; eroute owner: #0
>
> May be that is because left and right configs are not in sync now.
Most likely; both sides must agree.
Wait. Is that /16 really correct? Should rightsubnet be 10.12.0.0/22? This
address would encompass 10.12.0.0/24, 10.12.1.0/24, 10.12.2.0/24 and
10.20.3.0/24.
That confusion aside, do you need a policy that specifically targets traffic
between 10.12.3.0/24 and 10.12.3.0/24 so that such traffic is *not* tunnelled?
Or use KLIPS and normal routing....
More information about the Users
mailing list