> -----Original Message-----
> From: Michael [mailto:monowall at encambio dot com]
> Sent: Friday, 2 April 2010 17:18
> To: Chris Buechler
> Cc: M0n0wall
> Subject: Re: [m0n0wall] How to route OPT traffic to IPSec tunnel?
> Hello Chris,
> On Thurs., Apr 01, 2010, Chris Buechler wrote:
> >On Thu, Apr 1, 2010 at 2:21 PM, Michael wrote:
> >> But how to do that without adding another tunnel? You see from the
> >> LAN and OPT subnet numbers that they are not summarizable as
> >> mentioned in the FAQ 15.26 (How can I route multiple subnets over
> >> a site to site IPSec VPN.) And I don't want to set up new tunnels.
> >There is no other option. It must match a SPD entry to go across
> >IPsec, the routing table cannot send traffic over IPsec.
> Okay, thanks for pointing it out. I guess I'll have to double my
> IPSec tunnel configurations then, and give each OPT interface its
> own tunnel to all of the other hosts (not very scalable.)
If you want scalable, configure the networks as subnets of one supernet, and away you go.

You simply cannot configure a network as you have and want the functionality you need. You *CAN* make it scalable if you configure your network to be able to be scalable.

Hilton Travis Phone: +61 (0)7 3105 9101
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://www.quarkgroup.com.au
War doesn't determine who is right. War determines who is left.
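
An added example, not part of the original message and not m0n0wall code: a small model of the point made in this thread, that traffic crosses IPsec only when it matches an SPD entry, and that one supernet selector can cover several local subnets. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed remote network; the thread does not give the real addressing.
REMOTE = ipaddress.ip_network("10.50.0.0/24")

def spd_lookup(spd, src, dst):
    """Return the first (local, remote) policy containing both addresses.

    None means no SPD entry matched, so the packet is not sent across IPsec;
    a route in the routing table cannot change that.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in local and d in remote:
            return (local, remote)
    return None

def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    nets = [ipaddress.ip_network(n) for n in nets]
    sup = nets[0]
    while not all(n.subnet_of(sup) for n in nets):
        sup = sup.supernet()
    return sup

def summarizes_exactly(nets):
    """True when the networks collapse into one prefix with no foreign space."""
    parsed = (ipaddress.ip_network(n) for n in nets)
    return len(list(ipaddress.collapse_addresses(parsed))) == 1

if __name__ == "__main__":
    # Constructed "before": LAN and OPT in unrelated ranges, one LAN-only policy.
    scattered = ["192.168.1.0/24", "172.16.5.0/24"]
    spd = [(ipaddress.ip_network(scattered[0]), REMOTE)]
    print(covering_supernet(scattered), summarizes_exactly(scattered))
    print(spd_lookup(spd, "172.16.5.10", "10.50.0.20"))  # OPT host: no match

    # Constructed "after": LAN and OPT renumbered as halves of one supernet.
    adjacent = ["192.168.0.0/24", "192.168.1.0/24"]
    spd = [(covering_supernet(adjacent), REMOTE)]
    print(summarizes_exactly(adjacent))
    print(spd_lookup(spd, "192.168.1.10", "10.50.0.20"))  # matches the one policy
```

When `summarizes_exactly` is false, the covering prefix includes address space that is not yours, which is why a single wide selector is not a safe substitute for renumbering.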