Troy
Troy Aden wrote:
Hello all, This may seem a silly question but I have not been able to find
any info in any how-to or docs and I am hoping someone here can help me out.
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/manpage.d/ipsec.conf.5.html
Define a single connection for each subnet. You can use the also= statement to include common parameters.
The question is : How do I setup the IPSEC config so that I route only
specific subnets over the IPSEC tunnel. Currently, I have set it up by
simply using a large subnet mask that encompasses all the networks on either
side of the link. (see my exmaple below) The problem is that I need to be
more granular now and only route specific subnets over the link. I have
played with it for awhile now and I can't seem to have more than one subnet
declaration in my default conn statement. For example lets say I want only
192.168.130.0/24 and 192.168.134.0/24 to get routed over the IPSEC on router
A and I only want 172.31.0.0/16 and 172.161.0.0/16 on router B. These are
the only subnets I would like to be able to communicate over the IPSEC
link... Is there a clean way to do this? Please have a look at my configs
below and let me know how I should do this.
e.g.
conn xx
also=common_conn_params
rightsubnet=10.0.0.32/27
auto=add
conn comon_conn_params left=xx.yy.zz.nn leftsubnet=aa.bb.cc.dd/nn ......
cheers Erich
------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
