You need only one connection definition:

conn subnet
    right=%any
    left=1xx.xx.137.86
    leftca="C=DE, S=State, L=Hannover, O=UNI, OU=ISDE, CN=CA, Email=CA_at_isde.de"
    leftsubnet=0.0.0.0/0
    network=auto
    auto=add
    pfs=yes

This covers both the private subnet and the internet access.

Regards
Andreas
> Adrian Blockus wrote:
>
> Hi,
>
> my setup is the following:
>
>
> 1xx.xx.137.80/28 <--Subnet
> ||
> ||
> ||
> 1xx.xx.137.86 <-------frees/wan eth0
> |
> 1xx.xx.137.10 <-------frees/wan eth1
> |
> |
> |
> 1xx.xx.137.0/24 <----private LAN
> |
> |
> 1xx.xx.137.250 <---Internet gateway
>
> I want to secure all traffic between the subnet and the private LAN. At the
> moment only the packets which are destined for the private LAN are encrypted.
> But I want the internet traffic from the subnet to be encrypted, too.
>
> I use the following connection definitions:
>
>
> conn subnet-net
>     right=%any
>     left=1xx.xx.137.86
>     leftsubnet=1xx.xx.137.0/24
>     leftca="C=DE,S=State,L=Hannover,O=UNI,OU=ISDE,CN=CA,Email=CA_at_isde.de"
>     network=auto
>     auto=start
>     pfs=yes
>
> Do I need another definition for internet connections?
>
> Thanx, Adrian Blockus
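
An added example (not part of the thread and not FreeS/WAN code): a small Python check of which destinations each conn's leftsubnet selector covers, showing why the /24 definition leaves Internet-bound traffic outside the tunnel while 0.0.0.0/0 does not. The 192.0.2.x and 198.51.100.x addresses are constructed stand-ins for the masked 1xx.xx.137.x ones, the function names are hypothetical, and only the gateway-side selector is modelled.

```python
import ipaddress

# Constructed ipsec.conf text; 192.0.2.x stands in for the masked 1xx.xx.137.x.
SAMPLE_CONF = """\
conn subnet-net
    right=%any
    left=192.0.2.86
    leftsubnet=192.0.2.0/24
    auto=start

conn subnet
    right=%any
    left=192.0.2.86
    leftsubnet=0.0.0.0/0
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line: section header
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value parameter
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def tunneled(conn, dest):
    """True if dest falls inside the conn's left-side selector."""
    addr = ipaddress.ip_address(dest)
    subnet = conn.get("leftsubnet")
    if subnet is None:
        # Without leftsubnet the selector is just the gateway address (left/32).
        return addr == ipaddress.ip_address(conn["left"])
    return addr in ipaddress.ip_network(subnet)

def cleartext_destinations(conn, dests):
    """Destinations a client would reach outside the tunnel under this conn."""
    return [d for d in dests if not tunneled(conn, d)]

if __name__ == "__main__":
    conns = parse_conns(SAMPLE_CONF)
    dests = ["192.0.2.10", "198.51.100.7"]        # LAN host, Internet host (constructed)
    for name, conn in conns.items():
        print(name, "leaves in cleartext:", cleartext_destinations(conn, dests))
```
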
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:24 CEST