[strongSwan] right/leftsubnet with 0.0.0.0/0 or some specific network
Zhuyj
mounter625 at 163.com
Mon Jun 15 02:28:14 CEST 2015
thanks a lot!
Sent from my iPhone
> On 14 June 2015, at 16:32, Johannes Hubertz <johannes at hubertz.de> wrote:
>
> Hi zhuyj and listreaders,
>
>> On 12.06.2015 10:54, zhuyj wrote:
>> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0,
>> the whole system can not work well.
>> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can
>> work well.
>
> I've had similar experience and found exactly one working solution. I
> had to cut out local subnet from tunnels to the other side, f.e.
>
> leftsubnet: 00.0.0.0/8
> rightsubnet: 10.1.0.0/16
>
> results in tunnels on the right side to the left like this:
> 0.0.0.0/5
> 8.0.0.0/7
> 10.0.0.0/16
> 10.2.0.0/15
> 10.4.0.0/14
> 10.8.0.0/13
> 10.16.0.0/12
> 10.32.0.0/11
> 10.64.0.0/10
> 10.128.0.0/9
> 11.0.0.0/8
> 12.0.0.0/6
> 16.0.0.0/4
> 32.0.0.0/3
> 64.0.0.0/2
> 128.0.0.0/1
>
>
> These are exactly all the possible nets except the local subnet.
>
> For calculating I use ipaddr.py, easily installed using
>
> apt-get install python-ipaddr
> apt-get install python3-ipaddr
>
> May the source be with you.
>
> Kind regards from Cologne, Germany
>
> Johannes
>
>
> --
> Johannes Hubertz
>
> Managing Partner of hubertz-it-consulting GmbH
> Registered office: Grengeler Mauspfad 111a, D-51147 Köln, European Common,
> Commercial register: Köln HRB55865, VAT ID no.: DE814465092
> Tel.: +49 (0) 1607421564 Electronic Mail: it-consult at hubertz.de
> GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f
>
> Your service for data protection and information security:
> Reliable networks for confidential communication
>
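The subnet calculation described in the quoted reply, as an added example that is not part of the original thread: it uses Python 3's standard `ipaddress` module in place of `ipaddr.py`, and the helper names `exclude_subnets` and `is_covered` are chosen here. It goes beyond the single case in the mail by accepting several excluded subnets.

```python
import ipaddress

def exclude_subnets(outer, excluded):
    """Return the sorted CIDR blocks that cover `outer` minus every
    network in `excluded` (hypothetical helper name, chosen here)."""
    remaining = [ipaddress.ip_network(outer)]
    for item in excluded:
        hole = ipaddress.ip_network(item)
        kept = []
        for net in remaining:
            if hole.supernet_of(net):
                continue                     # whole block is excluded
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around hole
            else:
                kept.append(net)             # disjoint: keep unchanged
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def is_covered(nets, address):
    """True if `address` falls inside any block of `nets`."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in nets)

if __name__ == "__main__":
    # Case from the mail: everything except the local 10.1.0.0/16.
    nets = exclude_subnets("0.0.0.0/0", ["10.1.0.0/16"])
    for net in nets:
        print(net)
    total = sum(net.num_addresses for net in nets)
    print("addresses covered:", total)
    print("local host selected:", is_covered(nets, "10.1.2.3"))
```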