[strongSwan] right/leftsubnet with 0.0.0.0/0 or some specific network

Zhuyj mounter625 at 163.com
Mon Jun 15 02:28:14 CEST 2015


thanks a lot!

Sent from my iPhone

> On 14 June 2015, at 16:32, Johannes Hubertz <johannes at hubertz.de> wrote:
> 
> Hi zhuyj and listreaders,
> 
>> On 12.06.2015 10:54, zhuyj wrote:
>> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0,
>> the whole system can not work well.
>> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can
>> work well.
> 
> I've had similar experience and found exactly one working solution. I
> had to cut out local subnet from tunnels to the other side, f.e.
> 
> leftsubnet: 00.0.0.0/8
> rightsubnet: 10.1.0.0/16
> 
> results in tunnels on the right side to the left like this:
> 0.0.0.0/5
> 8.0.0.0/7
> 10.0.0.0/16
> 10.2.0.0/15
> 10.4.0.0/14
> 10.8.0.0/13
> 10.16.0.0/12
> 10.32.0.0/11
> 10.64.0.0/10
> 10.128.0.0/9
> 11.0.0.0/8
> 12.0.0.0/6
> 16.0.0.0/4
> 32.0.0.0/3
> 64.0.0.0/2
> 128.0.0.0/1
> 
> 
> These are exactly all the possible nets except the local subnet.
> 
> For calculating I use ipaddr.py, easily installed using
> 
> apt-get install python-ipaddr
> apt-get install python3-ipaddr
> 
> May the source be with you.
> 
> Kind regards from Cologne, Germany
> 
> Johannes
> 
> 
> -- 
> Johannes Hubertz
> 
> Managing partner of hubertz-it-consulting GmbH
> Registered office: Grengeler Mauspfad 111a,  D-51147 Köln,  European Common,
> Commercial register:  Köln HRB55865,    VAT ID no.:  DE814465092
> Tel.: +49 (0) 1607421564      Electronic Mail: it-consult at hubertz.de
> GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f
> 
> Your service for data protection and information security:
> Reliable networks for confidential communication
> 
> 
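An added example, not part of the original thread: the prefix list in the quoted message is 0.0.0.0/0 with 10.1.0.0/16 removed, and the sketch below reproduces it with Python's standard-library `ipaddress` module instead of the `ipaddr.py` package named there. It goes one step further and accepts several excluded subnets; `exclude_subnets` and `as_subnet_option` are hypothetical helper names.

```python
import ipaddress


def exclude_subnets(supernet, excluded):
    """Return the sorted CIDR blocks that cover `supernet` minus every
    network listed in `excluded` (hypothetical helper, added example)."""
    remaining = [ipaddress.ip_network(supernet)]
    for raw in excluded:
        excl = ipaddress.ip_network(raw)
        next_remaining = []
        for net in remaining:
            if net.version != excl.version or not net.overlaps(excl):
                # Untouched by this exclusion: keep the block as it is.
                next_remaining.append(net)
            elif net.subnet_of(excl):
                # Block lies entirely inside the excluded range: drop it.
                continue
            else:
                # Excluded range lies inside this block: split the block
                # into the minimal set of prefixes around the hole.
                next_remaining.extend(net.address_exclude(excl))
        remaining = next_remaining
    return sorted(remaining)


def as_subnet_option(nets):
    """Join prefixes with commas, the multi-subnet form of
    leftsubnet/rightsubnet in ipsec.conf."""
    return ",".join(str(n) for n in nets)


if __name__ == "__main__":
    # Values taken from the quoted message: everything except 10.1.0.0/16.
    nets = exclude_subnets("0.0.0.0/0", ["10.1.0.0/16"])
    print("rightsubnet=" + as_subnet_option(nets))
```

The sixteen prefixes it prints cover every IPv4 address outside the excluded /16, so traffic for the local subnet never matches the tunnel's traffic selectors.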


