Hi zhuyj and list readers,

On 12.06.2015 10:54, zhuyj wrote:
> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0,
> the whole system can not work well.
> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can
> work well.

I've had similar experience and found exactly one working solution. I had to cut out local subnet from tunnels to the other side, f.e.

leftsubnet: 00.0.0.0/8
rightsubnet: 10.1.0.0/16

results in tunnels on the right side to the left like this:

0.0.0.0/5
8.0.0.0/7
10.0.0.0/16
10.2.0.0/15
10.4.0.0/14
10.8.0.0/13
10.16.0.0/12
10.32.0.0/11
10.64.0.0/10
10.128.0.0/9
11.0.0.0/8
12.0.0.0/6
16.0.0.0/4
32.0.0.0/3
64.0.0.0/2
128.0.0.0/1

These are exactly all the possible nets except the local subnet. For calculating I use ipaddr.py, easily installed using

apt-get install python-ipaddr
apt-get install python3-ipaddr

May the source be with you.

Kind regards from Cologne, Germany
Johannes

--
Johannes Hubertz
Managing partner of hubertz-it-consulting GmbH
Registered office: Grengeler Mauspfad 111a, D-51147 Köln, European Common,
Commercial register: Köln HRB55865, VAT ID no.: DE814465092
Tel.: +49 (0) 1607421564
Electronic Mail: [email protected]
GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f
Your service for data protection and information security:
reliable networks for confidential communication
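The calculation described in the message above, as an added example that is not part of the original post: it uses Python 3's standard-library ipaddress module instead of the ipaddr package named there, and goes one step further by accepting several local subnets to cut out. The function names complement and covers_exactly are hypothetical, and the second excluded subnet in the sample call is constructed.

```python
import ipaddress


def complement(outer, excluded):
    """Return the sorted networks that cover `outer` minus every net in `excluded`."""
    outer = ipaddress.ip_network(outer)
    remaining = [outer]
    for ex in map(ipaddress.ip_network, excluded):
        if not ex.subnet_of(outer):
            raise ValueError(f"{ex} is not inside {outer}")
        next_remaining = []
        for net in remaining:
            if ex.subnet_of(net):
                # Split this block into the pieces that surround the excluded net.
                next_remaining.extend(net.address_exclude(ex))
            elif net.subnet_of(ex):
                # Block lies entirely inside the excluded net: drop it.
                continue
            else:
                next_remaining.append(net)
        remaining = next_remaining
    return sorted(remaining)


def covers_exactly(outer, excluded, remaining):
    """Sanity check: remaining plus excluded address counts must equal outer."""
    outer = ipaddress.ip_network(outer)
    merged = ipaddress.collapse_addresses(map(ipaddress.ip_network, excluded))
    total = sum(n.num_addresses for n in remaining)
    total += sum(n.num_addresses for n in merged)
    return total == outer.num_addresses


if __name__ == "__main__":
    # Case from the message: everything except the local 10.1.0.0/16.
    nets = complement("0.0.0.0/0", ["10.1.0.0/16"])
    assert covers_exactly("0.0.0.0/0", ["10.1.0.0/16"], nets)
    print(",".join(str(n) for n in nets))

    # Constructed case: two local subnets cut out of the same range.
    local = ["10.1.0.0/16", "10.2.0.0/16"]
    nets = complement("0.0.0.0/0", local)
    assert covers_exactly("0.0.0.0/0", local, nets)
    print(",".join(str(n) for n in nets))
```

The first printed line reproduces the sixteen networks listed in the message.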
