2008 November 22 - AndyCapp corner - quando hai dato troppo devi andare, fare posto

Archive for November 22nd, 2008

Subnet multiple in IPSEC

November 22nd, 2008 by AndyCapp

Una volta per tutte, NO, non si può fare usando OpenSwan o FreeSwan

conn alfa
        left=1.2.3.4
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute
        right=5.6.7.8
        rightsubnet=192.168.0.0/24, 172.16.0.0/16
        rightnexthop=%defaultroute
        auto=add

Workaround

Create N connessioni identiche, una per ogni subnet che volete pubblicare

conn alfa

left=1.2.3.4

leftsubnet=192.168.1.0/24

leftnexthop=%defaultroute

right=5.6.7.8

rightsubnet=192.168.0.0/24

rightnexthop=%defaultroute

auto=add



conn beta

left=1.2.3.4

leftsubnet=192.168.1.0/24

leftnexthop=%defaultroute

right=5.6.7.8

rightsubnet=172.16.0.0/16

rightnexthop=%defaultroute

auto=add

Category: Work | No Comments »

Pages
Misura la censura
Calendar
November 2008

M T W T F S S

« Oct Dec »

1 2

3 4 5 6 7 8 9

10 11 12 13 14 15 16

17 18 19 20 21 22 23

24 25 26 27 28 29 30
Gallery
My profile

AndyCapp corner

Archive for November 22nd, 2008

Subnet multiple in IPSEC

Pages

Misura la censura

Calendar

Gallery

My profile

Recent Comments

Blogroll

My last.fm

November 2008
M	T	W	T	F	S	S
« Oct				Dec »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

AndyCapp corner

Archive for November 22nd, 2008

Subnet multiple in IPSEC

Pages

Misura la censura

Calendar

Gallery

My profile

Recent Comments

Blogroll

Tag Cloud

My last.fm