From: SourceForge.net <no...@so...> - 2004-06-25 06:53:13
Support Requests item #978285, was opened at 2004-06-23 17:12
Message generated for change (Comment added) made by monas
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541483&aid=978285&group_id=74601

Category: Configuration
Group: setkey
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Overlapping Subnets

Initial Comment:
Hi

I have a Company with a star-net-vpn.

Headquarter Local Subnet: 172.21.21.0/24
Branch-Offices Local Subnets 172.21.1.0/24, 172.21.2.0/24 ...

Using FreeSwan it was possible to define Connections with overlapping Subnets like that:

leftsubnet: 172.21.0.0/18
rightsubnet: 172.21.1.0/24

With racoon I defined the SPDs:

spdadd 172.21.1.0/24 172.21.0.0/18 any -P out ipsec
    esp/tunnel/194.208.xxx.xxx-194.208.xxx.xxx/require ;
spdadd 172.21.0.0/18 172.21.1.0/24 any -P in ipsec

Now, the Gateway 172.21.1.1 is unreachable from the Local Net. I think it's because the packets for 172.21.1.0/24 are going out through the Tunnel to the Headquarter and not to the LAN.

Is there any workaround?

Thanks in advance
Ludwig
l.h...@lu...

----------------------------------------------------------------------

>Comment By: Aidas Kasparas (monas)
Date: 2004-06-25 08:53

Message:
Logged In: YES
user_id=39627

Insert two rules:

spdadd 172.17.1.0/24 172.17.1.0 any -P in none;
spdadd 172.17.1.0/24 172.17.1.0 any -P out none;

These should be inserted *BEFORE* your rules or with higher priority to take effect.

----------------------------------------------------------------------
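
The ordering point in the reply above, as an added example that is not part of the original thread: a simplified first-match model of the SPD, showing why LAN-local traffic is caught by the wide tunnel policy and why a bypass policy only helps when it is evaluated first. The policy tuples, the function names and the use of the requester's 172.21.1.0/24 branch subnet on both sides of the bypass entries are assumptions of this example.

```python
import ipaddress

def lookup(spd, src, dst, direction):
    """Return the action of the first policy matching the packet.

    Simplified model (an assumption of this example): policies are checked
    in list order, so an earlier entry wins over a later overlapping one.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p_src, p_dst, p_dir, action in spd:
        if (p_dir == direction
                and s in ipaddress.ip_network(p_src)
                and d in ipaddress.ip_network(p_dst)):
            return action
    return "none"  # no policy matched: no IPsec processing

def shadowed(spd):
    """Indexes of policies fully covered by an earlier same-direction policy."""
    hits = []
    for i, (src, dst, direction, _) in enumerate(spd):
        n_src, n_dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for e_src, e_dst, e_dir, _ in spd[:i]:
            if (e_dir == direction
                    and n_src.subnet_of(ipaddress.ip_network(e_src))
                    and n_dst.subnet_of(ipaddress.ip_network(e_dst))):
                hits.append(i)  # this entry can never be reached
                break
    return hits

BRANCH = "172.21.1.0/24"  # branch-office LAN from the request
WIDE = "172.21.0.0/18"    # covers headquarters and every branch LAN

# Tunnel policies as in the request (tunnel endpoints left out of the model).
TUNNEL = [
    (BRANCH, WIDE, "out", "ipsec esp/tunnel"),
    (WIDE, BRANCH, "in", "ipsec esp/tunnel"),
]

# Bypass policies for traffic that stays inside the branch LAN (constructed).
BYPASS = [
    (BRANCH, BRANCH, "in", "none"),
    (BRANCH, BRANCH, "out", "none"),
]

if __name__ == "__main__":
    for name, spd in (("tunnel only", TUNNEL),
                      ("tunnel, then bypass", TUNNEL + BYPASS),
                      ("bypass, then tunnel", BYPASS + TUNNEL)):
        action = lookup(spd, "172.21.1.50", "172.21.1.1", "out")
        print(f"{name}: host -> gateway = {action}, shadowed = {shadowed(spd)}")
```
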