I believe you will need two separate connections. This is the kind of activity that we hope to automate with the ISCS project (http://iscs.sourceforge.net), i.e., to automatically create and activate the tunnels and make it easy to impose control on who can send what data into the tunnel.

Good luck - John

On Tue, 2003-07-29 at 23:31, Fernando Serto wrote:
> hey folks, I have freeswan running on slackware without any problems,
> but, we decided to let the engineers access the engineering network from
> home... the tricky part is that they still need to access the "common"
> network. is it possible to add two "leftsubnet" entries for the same
> connection?
>
> 192.168.10.0/24 is the "common" network (mail server, file server, etc..)
> 192.168.70.0/24 is the engineering network (their test boxes)
>
> I have the following ipsec.conf file (i'll provide only the gateway file)
> conn fserto
>     authby=secret
>     leftsubnet=192.168.10.0/24
>     LEFTSUBNET=192.168.70.0/24 <=== Can I add this?
>     rightsubnet=192.168.1.0/24
>     leftnexthop=%defaultroute
>     rightnexthop=r.r.r.y
>     left=l.l.l.x
>     right=r.r.r.x
>     auto=add
>     pfs=yes
>
> cheers,
> Fernando

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
[EMAIL PROTECTED]
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
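
The two-connection layout suggested in the reply, written out as an added example that is not part of the original thread: one conn per leftsubnet, with the settings from the question's `conn fserto` shared through `also=`. The section names `fserto-common`, `fserto-eng` and `fserto-base` are hypothetical; addresses are the placeholders from the question.

```conf
# Added example, not from the original thread. Section names are hypothetical.

# Tunnel 1: 192.168.1.0/24 (home) <-> 192.168.10.0/24 ("common" network)
conn fserto-common
    leftsubnet=192.168.10.0/24
    auto=add
    also=fserto-base

# Tunnel 2: 192.168.1.0/24 (home) <-> 192.168.70.0/24 (engineering network)
conn fserto-eng
    leftsubnet=192.168.70.0/24
    auto=add
    also=fserto-base

# Shared parameters, copied from "conn fserto" in the question.
# It has no auto= line, so it is never loaded as a tunnel on its own.
# It is placed last because older FreeS/WAN releases require the section
# named by also= to follow the section that references it.
conn fserto-base
    authby=secret
    left=l.l.l.x
    leftnexthop=%defaultroute
    right=r.r.r.x
    rightnexthop=r.r.r.y
    rightsubnet=192.168.1.0/24
    pfs=yes
```

The remote gateway needs the matching pair of connections. Because each subnet gets its own tunnel, the engineering tunnel can be loaded, started or filtered separately from the common one.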