[Swan] no work - Subnet extrusion - in CentOS 6.8

Sergey Mihailov sergey.mihailov at gmail.com
Mon Jul 25 06:17:32 UTC 2016


( Sorry Bad my english )

Its correct ? :
( remote side )
---
conn mytunnel
    leftid=@off1.net.prn.int
    left=192.168.121.17
    leftsourceip=192.168.129.254
    leftsubnets={192.168.129.0/24 192.168.128.0/24} # <--- ? (subnets)
    leftrsasigkey=0sAQ1xad9N...
    #
    rightid=@main.prn.int
    right=192.168.121.1
    rightsourceip=192.168.1.60
    rightsubnet=0.0.0.0/0
    rightrsasigkey=0sAQMCfFm....
    #
    authby=rsasig
    auto=start

conn 129-exclude
    left=0.0.0.0 # <---- ? (left)
    leftsubnet=192.168.129.0/24
    right=192.168.129.254
    rightsubnet=192.168.129.0/24
    authby=never
    type=passthrough
    auto=route

conn 128-exclude
    left=192.168.128.250
    leftsubnet=192.168.128.0/24
    right=0.0.0.0  # <----- ? (right)
    rightsubnet=192.168.128.0/24
    authby=never
    type=passthrough
    auto=route
---

No really works in CentOS 6.8 + updates.
I see : https://libreswan.org/wiki/Subnet_extrusion
...

conn branch1 # <--- ? ( branch1 )
    left=1.2.3.4
    leftid=@headoffice
    leftsubnet=0.0.0.0/0
    leftrsasigkey=0sA[...]
    #
    right=10.11.12.13
    rightid=@branch2 # <---- ? ( branch2 )
    righsubnet=10.0.1.0/24
    rightrsasigkey=0sAYYYY[...]
    #
    auto=start
    authby=rsasigkey

conn passthrough
    left=1.2.3.4  # <--- ? ( from headoffice)
    right=0.0.0.0
    leftsubnet=10.0.1.0/24 # <--- ? ( from brach2 )
    rightsubnet=10.0.1.0/24
    authby=never
    type=passthrough
    auto=route
...

strange :(

Thanks.
-- 
mx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160725/32c0f564/attachment.html>


More information about the Swan mailing list