[Openswan Users] overlapping left/right networks

Neal Murphy neal.p.murphy at alum.wpi.edu
Thu Dec 4 17:00:22 EST 2014


On Thursday, December 04, 2014 04:31:59 PM Dmitry Chirikov wrote:
> For some reason, I can't:
> 000 "CONN/0x1": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.0.0/24; unrouted; eroute owner: #0
> 000 "CONN/0x2": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.1.0/24; unrouted; eroute owner: #0
> 000 "CONN/0x3": 10.12.3.0/24===local<local>[+S=C]...remote<remote>[+S=C]===
> 10.12.2.0/24; unrouted; eroute owner: #0
> 
> Maybe that is because left and right configs are not in sync now.

Most likely; both sides must agree.

Wait. Is that /16 really correct? Should rightsubnet be 10.12.0.0/22? This 
address would encompass 10.12.0.0/24, 10.12.1.0/24, 10.12.2.0/24 and 
10.20.3.0/24.

That confusion aside, do you need a policy that specifically targets traffic 
between 10.12.3.0/24 and 10.12.3.0/24 so that such traffic is *not* tunnelled?

Or use KLIPS and normal routing....
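
The overlap question raised in the reply above, as an added example that is not part of the original thread: a Python check, using the subnets from the quoted status output, of which part of a candidate rightsubnet collides with leftsubnet and so would need a no-tunnel policy. The function names are hypothetical and the candidate list is constructed for illustration.

```python
import ipaddress

def overlap(left, right):
    """Return the network shared by left and right, or None if they are disjoint."""
    l, r = ipaddress.ip_network(left), ipaddress.ip_network(right)
    if not l.overlaps(r):
        return None
    # CIDR blocks either nest or are disjoint, so the overlap is the longer prefix.
    return l if l.prefixlen >= r.prefixlen else r

def remote_only(left, right):
    """Parts of right that are not also in left, i.e. unambiguous tunnel targets."""
    l, r = ipaddress.ip_network(left), ipaddress.ip_network(right)
    if not l.overlaps(r):
        return [r]
    if l.prefixlen <= r.prefixlen:
        return []  # left covers all of right; nothing is unambiguously remote
    return sorted(r.address_exclude(l))

def summarize(subnets):
    """Collapse adjacent subnets into the smallest set of covering prefixes."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets))

if __name__ == "__main__":
    LEFT = "10.12.3.0/24"  # leftsubnet from the quoted status lines
    # Constructed candidates: one per-/24 remote, the /22 and the /16 from the reply.
    for right in ("10.12.0.0/24", "10.12.0.0/22", "10.12.0.0/16"):
        shared = overlap(LEFT, right)
        if shared is None:
            print(f"{LEFT} <-> {right}: no overlap")
        else:
            rest = ", ".join(str(n) for n in remote_only(LEFT, right))
            print(f"{LEFT} <-> {right}: overlap {shared}; remote-only: {rest}")
    print("four /24s summarize to:",
          summarize(["10.12.0.0/24", "10.12.1.0/24", "10.12.2.0/24", "10.12.3.0/24"]))
```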

