[ previous ] [ next ] [ threads ]
 From:  Michael <monowall at encambio dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to route OPT traffic to IPSec tunnel?
 Date:  Fri, 2 Apr 2010 09:17:58 +0200
Hello Chris,

On Thurs., Apr 01, 2010, Chris Buechler wrote:
>On Thu, Apr 1, 2010 at 2:21 PM, Michael wrote:
>> But how to do that without adding another tunnel? You see from the
>> LAN and OPT subnet numbers that they are not summarizable as
>> mentioned in the FAQ 15.26 (How can I route multiple subnets over
>> a site to site IPSec VPN.) And I don't want to set up new tunnels.
>There is no other option. It must match a SPD entry to go across
>IPsec, the routing table cannot send traffic over IPsec.
Okay, thanks for pointing it out. I guess I'll have to double my
IPSec tunnel configurations then, and give each OPT interface its
own tunnel to all of the other hosts (not very scalable.)