Troy Aden wrote: <snip>
I have a question of my own for the list. :)
Can you have multiple rightsubnet= or leftsubnet= in your ipsec config for a single connection? I want to connect two networks that have multiple subnets. Thus far I have gotten away with just putting entries like 172.16.0.0/16 connecting to 192.168.0.0/16. That solution is no longer practical however and I am wondering if I can change it to multiple leftsubnet/rightsubnet entries to reflect the actual networks that I am linking. Can anyone tell me the syntax I would use to do this? :)
Thanks in advance!
Sure you can...sort of. What you're missing is the fact that each additional [left|right]subnet entry requires a new connection specification. If you don't have a lot of connections, managing them by hand (or maybe with some simple scripts) is possible. If you decide you want to do this, I suggest using descriptive names for your connections to avoid any ambiguity based on IP addresses, i.e.:
[left|[EMAIL PROTECTED]
If you find your configuration getting too complex, the next best option is probably to push the complexity from your IPSec configuration into the routing domain. Remember you can only pass traffic that matches a connection's endpoint specifications through an IPSec tunnel, so you can't simply use an IPSec connection like a virtual 'wire' and route traffic down it. The way around this is to set up point-to-point IPSec connections between your gateway boxes (rather than the subnet-subnet links it sounds like you're using). Once you have these links in place, you run GRE tunnels over the IPSec tunnels (so all traffic matches the source/destination IPs listed in the connection description), then run the routing protocol of your choice (or even static routing) across the GRE tunnels.
-- Charles Steinkuehler [EMAIL PROTECTED]
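Added example (not part of the original post and not code from the LEAF project): a small sh script that shows both approaches from the reply above. The first function emits one FreeS/WAN-style ipsec.conf conn per subnet pair, since a conn carries exactly one leftsubnet and one rightsubnet; the second emits the single host-to-host conn between the gateways and the iproute2 commands that put a GRE tunnel and ordinary routes on top of it. The gateway addresses, conn names, subnet list and GRE tunnel addresses are all made up for illustration, and the authentication settings (authby, keys or certificates, config setup) that a real ipsec.conf needs are left out. The commands are printed rather than executed so the script runs unprivileged.

```shell
#!/bin/sh
# Added example: generate per-subnet-pair conns, and the GRE-over-IPsec
# alternative. Every address and name below is assumed/constructed.

LEFT_GW=203.0.113.1     # assumed: this gateway's public address
RIGHT_GW=198.51.100.1   # assumed: peer gateway's public address

# Constructed sample input: "connname:leftsubnet:rightsubnet", one per line.
# Descriptive conn names, as the reply suggests, instead of address-based ones.
PAIRS="
hq-lan-to-branch-lan:172.16.1.0/24:192.168.1.0/24
hq-dmz-to-branch-lan:172.16.2.0/24:192.168.1.0/24
hq-lan-to-branch-voip:172.16.1.0/24:192.168.10.0/24
"

# Approach 1: one conn per subnet pair. Three pairs means three conns; the
# same gateway pair is repeated in each because only the subnets differ.
gen_subnet_conns() {
  echo "$PAIRS" | while IFS=: read name lsub rsub; do
    [ -z "$name" ] && continue
    cat <<EOF
conn $name
    left=$LEFT_GW
    leftsubnet=$lsub
    right=$RIGHT_GW
    rightsubnet=$rsub
    auto=start

EOF
  done
}

# Helper used to sanity-check the generated file: number of conn sections.
count_conns() {
  gen_subnet_conns | grep -c '^conn '
}

# Approach 2: a single host-to-host conn between the gateways. With no
# leftsubnet/rightsubnet, only traffic between LEFT_GW and RIGHT_GW matches,
# which is exactly what the GRE tunnel's outer packets look like.
gen_gre_over_ipsec() {
  cat <<EOF
conn gw-to-gw
    left=$LEFT_GW
    right=$RIGHT_GW
    auto=start

EOF
}

# iproute2 commands for the left gateway. The right gateway mirrors local/
# remote and uses 10.255.0.2/30 (assumed tunnel addresses). Routes to the
# remote subnets go via the GRE interface, so adding a subnet later is a
# routing change, not an IPsec change. Duplicate remote subnets collapse.
gre_commands_left() {
  cat <<EOF
ip tunnel add gre0 mode gre local $LEFT_GW remote $RIGHT_GW ttl 255
ip addr add 10.255.0.1/30 dev gre0
ip link set gre0 up
EOF
  echo "$PAIRS" | while IFS=: read name lsub rsub; do
    [ -z "$name" ] && continue
    echo "ip route add $rsub dev gre0"
  done | sort -u
}

# Stand-alone usage: print both variants.
if [ "${1:-}" = "subnets" ]; then
  gen_subnet_conns
elif [ "${1:-}" = "gre" ]; then
  gen_gre_over_ipsec
  gre_commands_left
fi
```

One check worth doing with the GRE variant: filter GRE (IP protocol 47) on the external interface so that it is only accepted from, and only sent to, the peer gateway through the IPsec tunnel; if the host-to-host SA is down, a plain route to the peer would otherwise carry the inner traffic in the clear.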
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html