[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] right/leftsubnet with 0.0.0.0/0 or some specific network
From: Zhuyj <mounter625 () 163 ! com>
Date: 2015-06-15 0:28:14
Message-ID: 30D754DC-0C05-4AF6-9602-873C0F52BC03 () 163 ! com
[Download RAW message or body]
thanks a lot!
发自我的 iPhone
> 在 2015年6月14日,16:32,Johannes Hubertz <johannes@hubertz.de> 写道:
>
> Hi zhuyj and listreaders,
>
>> On 12.06.2015 10:54, zhuyj wrote:
>> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0,
>> the whole system can not work well.
>> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can
>> work well.
>
> I've had similar experience and found exactly one working solution. I
> had to cut out local sbnet from tunnels to the other side, f.e.
>
> leftsubnet: 00.0.0.0/8
> rightsubnet: 10.1.0.0/16
>
> results in tunnels on the right side to the left like this:
> 0.0.0.0/5
> 8.0.0.0/7
> 10.0.0.0/16
> 10.2.0.0/15
> 10.4.0.0/14
> 10.8.0.0/13
> 10.16.0.0/12
> 10.32.0.0/11
> 10.64.0.0/10
> 10.128.0.0/9
> 11.0.0.0/8
> 12.0.0.0/6
> 16.0.0.0/4
> 32.0.0.0/3
> 64.0.0.0/2
> 128.0.0.0/1
>
>
> These are exactly all the possible nets except the local subnet.
>
> For calculating I use ipaddr.py, easily installed using
>
> apt-get install python-ipaddr
> apt-get install python3-ipaddr
>
> May the source be with you.
>
> Kind regards from Cologne, Germany
>
> Johannes
>
>
> --
> Johannes Hubertz
>
> Geschäftsführender Gesellschafter der hubertz-it-consulting GmbH
> Sitz: Grengeler Mauspfad 111a, D-51147 Köln, European Common,
> Handelsregister: Köln HRB55865, Ust.-ID Nr.: DE814465092
> Tel.: +49 (0) 1607421564 Electronic Mail: it-consult@hubertz.de
> GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f
>
> Ihr Service für Datenschutz und Informationssicherheit:
> Verlässliche Netzwerke für vertrauliche Kommunikation
>
> [attachment]
>
> signature.asc
> download: http://u.163.com/t0/4m2bp7zDz
>
> preview: http://u.163.com/t0/DqpRHjHvi
>
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic