Multiple subnets in IPsec
November 22nd, 2008 by AndyCapp
Once and for all: NO, this cannot be done with OpenSwan or FreeSwan.
# Does NOT work: a comma-separated list in rightsubnet
conn alfa
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    right=5.6.7.8
    rightsubnet=192.168.0.0/24, 172.16.0.0/16
    rightnexthop=%defaultroute
    auto=add
Workaround
Create N identical connections, one for each subnet you want to publish.
conn alfa
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    right=5.6.7.8
    rightsubnet=192.168.0.0/24
    rightnexthop=%defaultroute
    auto=add

conn beta
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    right=5.6.7.8
    rightsubnet=172.16.0.0/16
    rightnexthop=%defaultroute
    auto=add
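
The workaround can be generated instead of typed by hand, and it generalises to several subnets on both ends: one conn per (leftsubnet, rightsubnet) pair. The Python below is an added example, not part of the original post; the function names and the `<name>-<index>` connection naming are assumptions, and the sample values are the ones used in the post.

```python
import ipaddress
from itertools import product


def parse_subnets(spec):
    """Split a comma-separated subnet list; reject malformed or repeated entries."""
    nets = []
    for item in spec.split(","):
        # strict=True raises ValueError when host bits are set, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(item.strip(), strict=True)
        if net in nets:
            raise ValueError(f"duplicate subnet: {net}")
        nets.append(net)
    return nets


def expand_conns(name, left, right, leftsubnets, rightsubnets, auto="add"):
    """Return ipsec.conf text with one conn per (leftsubnet, rightsubnet) pair."""
    pairs = list(product(parse_subnets(leftsubnets), parse_subnets(rightsubnets)))
    for lnet, rnet in pairs:
        # The same address range on both ends cannot be routed unambiguously.
        if lnet.overlaps(rnet):
            raise ValueError(f"left {lnet} overlaps right {rnet}")
    stanzas = []
    for i, (lnet, rnet) in enumerate(pairs, start=1):
        stanzas.append("\n".join([
            f"conn {name}-{i}",  # hypothetical naming scheme: <name>-<index>
            f"    left={left}",
            f"    leftsubnet={lnet}",
            "    leftnexthop=%defaultroute",
            f"    right={right}",
            f"    rightsubnet={rnet}",
            "    rightnexthop=%defaultroute",
            f"    auto={auto}",
        ]))
    return "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    # Values taken from the post's own example.
    print(expand_conns("alfa", "1.2.3.4", "5.6.7.8",
                       "192.168.1.0/24", "192.168.0.0/24, 172.16.0.0/16"), end="")
```

Rejecting host-bit typos and overlapping ranges before the file is written avoids loading a connection that silently covers a different range than intended.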
This entry was posted on Saturday, November 22nd, 2008 at 1:26 pm and is filed under Work.