[Openswan Users] overlapping left/right networks

Dmitry Chirikov dmitry at chirikov.ru
Thu Dec 4 17:15:02 EST 2014


Yes, /16 is correct, following the "right"-side guys' rules. I am not sure this
is a supported config, as I wrote in my first letter, so I decided to ask
more experienced folks and (I hope) developers about that.

Regarding KLIPS - I'd like to use it, but this comment from the default
ipsec.conf states I cannot:
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey

(And I really tried to enable it before asking for help here, without any
success.)

Kind regards,
Dmitry Chirikov

On 4 December 2014 at 23:00, Neal Murphy <neal.p.murphy at alum.wpi.edu> wrote:

> On Thursday, December 04, 2014 04:31:59 PM Dmitry Chirikov wrote:
> > For some reason, I can't:
> > 000 "CONN/0x1": 10.12.3.0/24===local
> > <local>[+S=C]...remote<remote>[+S=C]===
> > 10.12.0.0/24; unrouted; eroute owner: #0
> > 000 "CONN/0x2": 10.12.3.0/24===local
> > <local>[+S=C]...remote<remote>[+S=C]===
> > 10.12.1.0/24; unrouted; eroute owner: #0
> > 000 "CONN/0x3": 10.12.3.0/24===local
> > <local>[+S=C]...remote<remote>[+S=C]===
> > 10.12.2.0/24; unrouted; eroute owner: #0
> >
> > Maybe that is because left and right configs are not in sync now.
>
> Most likely; both sides must agree.
>
> Wait. Is that /16 really correct? Should rightsubnet be 10.12.0.0/22? This
> address would encompass 10.12.0.0/24, 10.12.1.0/24, 10.12.2.0/24 and
> 10.20.3.0/24.
>
> That confusion aside, do you need a policy that specifically targets traffic
> between 10.12.3.0/24 and 10.12.3.0/24 so that such traffic is *not* tunnelled?
>
> Or use KLIPS and normal routing....
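An added example, not part of either poster's message and not Openswan code: a Python check of the prefixes discussed in this thread, showing how the local 10.12.3.0/24 sits inside a 10.12.0.0/16 remote selector and which prefixes remain once it is carved out. The function names are hypothetical, and the leftsubnet/rightsubnet values are taken from the quoted text.

```python
import ipaddress


def selector_report(leftsubnet, rightsubnet):
    """Compare two tunnel selectors and report overlap plus the remote
    prefixes that lie outside the local subnet."""
    left = ipaddress.ip_network(leftsubnet)
    right = ipaddress.ip_network(rightsubnet)
    if not left.overlaps(right):
        remainder = [right]            # nothing to carve out
    elif left != right and left.subnet_of(right):
        # Local LAN is a strict subset of the remote selector:
        # split the remote selector into the pieces that exclude it.
        remainder = sorted(right.address_exclude(left))
    else:
        remainder = []                 # remote is equal to or inside local
    return {"overlap": left.overlaps(right), "right_minus_left": remainder}


def smallest_cover(prefixes):
    """Smallest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()       # widen by one bit and retry
    return cover


if __name__ == "__main__":
    # Values from the thread: local LAN and the /16 the remote side requires.
    report = selector_report("10.12.3.0/24", "10.12.0.0/16")
    print("overlap:", report["overlap"])
    for net in report["right_minus_left"]:
        print("  remote-only prefix:", net)

    # The three remote /24s shown in the quoted status output.
    remote_24s = ["10.12.0.0/24", "10.12.1.0/24", "10.12.2.0/24"]
    print("smallest cover of remote /24s:", smallest_cover(remote_24s))
```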