[Swan] IPSec Overlapping IP solutions

John Weir john.weir at pharos-ei.com
Thu Dec 29 21:04:20 UTC 2016


Hello,

How does one go about handling an overlapping IP?  

I understand this question is broader than LibreSwan, but perhaps there is a solution particular to LibreSwan or ipsec. My own research has left me more confused than enlightened. I am very new to networking and a slow learner.

The situation is:

Left side is on network 10.0.0.0/16 hosted on AWS
Right side is 10.0.0.0/8 hosted by a third party

Both sides are run by different organizations and are not able to change their internal networks.

The configuration is

        leftid=hidden     # conf for AWS 
        left=10.0.127.5  # Elastic IP
        leftsubnet=10.0.128.0/24

        right=hidden
        rightsubnet=10.0.0.4/32

What perhaps makes this a simpler problem is that the connection is essentially client based: the left will be connecting to the right, but the right has no access to the left. And perhaps even simpler, only a single IP on the right is required.

Any advice, or pointers to documentation will be very much appreciated.

Thank you very much - John

