[strongSwan] rightsubnet overlap
Vincent Bernat
bernat at luffy.cx
Thu Aug 24 13:26:59 CEST 2017
❦ 24 août 2017 13:11 +0200, John Brown <jb20141125 at gmail.com> :
> Thank you very much for an advice. It looks interesting but also adds
> significant complexity to the solution. Did you find route based VPN
> working for rightsubnet overlap scenario?
Yes, I am using them (if 0.0.0.0/0 as right subnet). But you are right,
this adds some complexity.
> I'm going to try this probably but with libipsec rather that vti devices
> (kernel too old for vti). As far as I understand the solution you've
> proposed I can add priorities to the tunnels by adding a metrics to routes
> (and prefer conn1 over conn2). Am I correct?
Yes.
--
Make it right before you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)
More information about the Users
mailing list