Erich Titl wrote:

> Troy
>
> Troy Aden wrote:
>
>> Hello all, This may seem a silly question but I have not been able to find
>> any info in any how-to or docs and I am hoping someone here can help me out.
>>
>> http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/manpage.d/ipsec.conf.5.html
>>
>> The question is: How do I set up the IPSEC config so that I route only
>> specific subnets over the IPSEC tunnel. Currently, I have set it up by
>> simply using a large subnet mask that encompasses all the networks on either
>> side of the link. (see my example below) The problem is that I need to be
>> more granular now and only route specific subnets over the link. I have
>> played with it for a while now and I can't seem to have more than one subnet
>> declaration in my default conn statement. For example, let's say I want only
>> 192.168.130.0/24 and 192.168.134.0/24 to get routed over the IPSEC on router
>> A and I only want 172.31.0.0/16 and 172.161.0.0/16 on router B. These are
>> the only subnets I would like to be able to communicate over the IPSEC
>> link... Is there a clean way to do this? Please have a look at my configs
>> below and let me know how I should do this.
>
> Define a single connection for each subnet. You can use the also= statement to include common parameters.
>
> e.g.
>
> conn xx
>     also=common_conn_params
>     rightsubnet=10.0.0.32/27
>     auto=add
>
> conn common_conn_params
>     left=xx.yy.zz.nn
>     leftsubnet=aa.bb.cc.dd/nn
> ......

Another option for complex routing problems with IPSec is to switch to using host-host tunnels, with another tunneling protocol on top of IPSec (typically GRE). You can then run routing protocols like RIP or BGP across the GRE tunnels, or use the kernel routing tables (rather than the IPSec configuration) to set up all your subnet routing (if it's not complex or dynamic enough to require a routing protocol).


There's a nice picture of the basic idea on the Cisco website:
http://www.cisco.com/warp/public/707/gre_ipsec_ospf.html#diag

--
Charles Steinkuehler
[EMAIL PROTECTED]
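Erich's suggestion, written out for Troy's four subnets: the script below is an added example and not code from the thread or from FreeS/WAN itself. It emits an ipsec.conf with one conn per (router A subnet, router B subnet) pair, each conn pulling the shared gateway parameters in with also=, and it checks each subnet before writing it out so a host address or a bad prefix never reaches the config. The gateway addresses 192.0.2.1 and 198.51.100.1, the conn names pair1 to pair4, and the helper functions check_subnet, gen_ipsec_conf and count_conns are all assumptions; the subnets are the ones Troy listed.

```shell
#!/bin/sh
# Added example, not code from the thread: build a FreeS/WAN-style ipsec.conf
# that follows Erich's advice, one conn per (router A subnet, router B subnet)
# pair, each including the shared parameters via also=.
set -eu

LEFT_GW="192.0.2.1"        # placeholder: router A's public address
RIGHT_GW="198.51.100.1"    # placeholder: router B's public address
LEFT_SUBNETS="192.168.130.0/24 192.168.134.0/24"   # behind router A (Troy's list)
RIGHT_SUBNETS="172.31.0.0/16 172.161.0.0/16"       # behind router B (Troy's list)

# Accept only a.b.c.d/p with four octets in 0..255 and 0 <= p <= 32.
# A bare host address or a stray character would otherwise land in the
# config unnoticed and the conn would fail to load, or tunnel the wrong thing.
check_subnet() {
    case "$1" in
        *[!0-9./]*|*/*/*|*.*.*.*.*) return 1 ;;   # bad chars, two '/', five octets
        *.*.*.*/*) ;;
        *) return 1 ;;                             # no prefix length at all
    esac
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $addr            # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the whole ipsec.conf on stdout; fail before printing anything if a
# subnet is malformed.
gen_ipsec_conf() {
    for s in $LEFT_SUBNETS $RIGHT_SUBNETS; do
        check_subnet "$s" || { echo "rejecting subnet: $s" >&2; return 1; }
    done
    cat <<EOF
config setup
    interfaces=%defaultroute

# Shared parameters. This section carries no auto= line, so it is never
# loaded on its own (FreeS/WAN defaults to auto=ignore); the conns below
# pull it in with also=. Add your authentication parameters here
# (authby=, leftrsasigkey=, rightrsasigkey=, ...).
conn common_conn_params
    left=$LEFT_GW
    leftnexthop=%defaultroute
    right=$RIGHT_GW
    rightnexthop=%defaultroute
    keyingtries=0

EOF
    n=0
    for ls in $LEFT_SUBNETS; do
        for rs in $RIGHT_SUBNETS; do
            n=$((n + 1))
            printf 'conn pair%d\n    also=common_conn_params\n    leftsubnet=%s\n    rightsubnet=%s\n    auto=add\n\n' \
                "$n" "$ls" "$rs"
        done
    done
}

# Number of subnet pairs the config tunnels; traffic between any other pair
# of addresses is not covered by any conn and stays outside the tunnel.
count_conns() { gen_ipsec_conf | grep -c '^conn pair'; }
```

Two subnets on each side give four conns, because FreeS/WAN selects traffic by (leftsubnet, rightsubnet) pair and each pair needs its own conn; adding a fifth subnet on one side adds two more. Run `gen_ipsec_conf > /etc/ipsec.conf` and then `ipsec auto --add pairN` (or restart ipsec) for each conn; `ipsec eroute` afterwards should list exactly the four subnet pairs and nothing wider, which is the check that the old catch-all mask is really gone.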
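Charles's alternative, a host-host IPsec tunnel with GRE inside it and the kernel routing table deciding what crosses the link, as an added example for router A (this is not code from the thread, from FreeS/WAN or from the Cisco page). The IPsec conn has no leftsubnet/rightsubnet, so it protects everything between the two gateway addresses, including the GRE packets; the per-subnet decision moves entirely into `ip route`. The addresses 192.0.2.1, 198.51.100.1 and 10.255.0.1/30, the interface name gre1, and the helpers run, gre_ipsec_conf, setup_gre and count_routes are assumptions; the subnets are Troy's router B networks.

```shell
#!/bin/sh
# Added example, not from the thread: router A's side of the GRE-over-IPsec
# layout. IPsec covers gateway-to-gateway traffic, GRE rides inside it, and
# the routing table picks which of router B's subnets go down the tunnel.
set -eu

LOCAL_GW="192.0.2.1"         # placeholder: router A's public address
REMOTE_GW="198.51.100.1"     # placeholder: router B's public address
TUN_ADDR="10.255.0.1/30"     # placeholder: A's end of the point-to-point link
REMOTE_NETS="172.31.0.0/16 172.161.0.0/16"   # behind router B; nothing else is routed

# DRY_RUN=1 (the default) prints each command instead of executing it, so the
# plan can be reviewed before touching a live router; DRY_RUN=0 applies it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The only IPsec conn needed: gateway to gateway, no subnets. Authentication
# parameters (authby=, rsasigkeys, ...) go in as for any other conn.
gre_ipsec_conf() {
    cat <<EOF
conn gre_a_b
    left=$LOCAL_GW
    leftnexthop=%defaultroute
    right=$REMOTE_GW
    rightnexthop=%defaultroute
    auto=start
EOF
}

# GRE tunnel between the two gateway addresses, plus one kernel route per
# remote subnet. Adding or dropping a subnet later is one route, not a
# change to the IPsec configuration.
setup_gre() {
    run ip tunnel add gre1 mode gre local "$LOCAL_GW" remote "$REMOTE_GW" ttl 255
    run ip addr add "$TUN_ADDR" dev gre1
    run ip link set gre1 up
    for net in $REMOTE_NETS; do
        run ip route add "$net" dev gre1
    done
}

# How many subnets the tunnel carries, read back from the planned commands.
count_routes() { ( DRY_RUN=1; setup_gre ) | grep -c '^ip route add '; }
```

Router B mirrors this with the gateway addresses swapped, 10.255.0.2/30 on its end of gre1, and Troy's 192.168.130.0/24 and 192.168.134.0/24 as its routes; with RIP or BGP speaking across gre1 the static routes go away entirely. Before relying on it, confirm with `ipsec auto --status` that the gre_a_b conn is actually established: GRE on its own carries the traffic in the clear, and the routes above will happily send it whether or not IPsec is up.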


leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html