AndyCapp corner

Subnet multiple in IPSEC

Una volta per tutte, NO, non si può fare usando OpenSwan o FreeSwan

conn alfa
        left=1.2.3.4
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute
        right=5.6.7.8
        rightsubnet=192.168.0.0/24, 172.16.0.0/16
        rightnexthop=%defaultroute
        auto=add

Workaround

Create N connessioni identiche, una per ogni subnet che volete pubblicare

conn alfa

left=1.2.3.4

leftsubnet=192.168.1.0/24

leftnexthop=%defaultroute

right=5.6.7.8

rightsubnet=192.168.0.0/24

rightnexthop=%defaultroute

auto=add



conn beta

left=1.2.3.4

leftsubnet=192.168.1.0/24

leftnexthop=%defaultroute

right=5.6.7.8

rightsubnet=172.16.0.0/16

rightnexthop=%defaultroute

auto=add

This entry was written by AndyCapp, posted on November 22, 2008 at 1:26 pm, filed under Work and tagged freeswan, ipsec, openswan. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

M	T	W	T	F	S	S
« Oct				Dec »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Subnet multiple in IPSEC

Post a Comment

Pages

Categories

Archives

Calendar

Gallery