Re: [CentOS] Openswan 2.4.6rc5 under CentOS 4.3




Bas Rijniersce wrote:

> Not having an ipsec interface caused me quite a bit of trouble before. So I
> really want KLIPS.

Well, yes, the routing can get a bit non-intuitive and a bit harder to figure out when using native IPSec...

If the other side supports GRE, you can configure the tunnel using GRE, then place it into IPSec. Not an ideal solution, but that way you'll get virtual interfaces and conventional routing if you really want/need the tunnel to have its own virtual interface. You'd create a GRE tunnel between A and B (external addresses of your VPN endpoints), create an IPSec policy that traffic between A and B has to be encrypted (the "place GRE tunnel into IPSec" part), then simply route traffic into GRE interfaces. I've used it, it works.

If you go with GRE+IPSec, and you also have a firewall on the VPN endpoint, you'd want to use IPSec in tunnel mode. Otherwise transport mode will suffice.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
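
The GRE-inside-IPSec setup described in the message above, sketched for endpoint A as an added example (not part of the original post and not taken from the Openswan project). The interface name `gre1`, the conn name `gre-a-b`, all addresses and the pre-shared-key authentication are assumptions.

```shell
#!/bin/sh
# Added example: GRE tunnel between endpoints A and B, protected by an IPsec
# policy that covers only the GRE traffic between them.
# gre1, gre-a-b and every address below are constructed placeholders.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# gre_setup LOCAL REMOTE TUN_ADDR/PREFIX REMOTE_NET
# Creates the virtual interface and routes the remote LAN into it.
gre_setup() {
    run ip tunnel add gre1 mode gre local "$1" remote "$2" ttl 64
    run ip addr add "$3" dev gre1
    run ip link set gre1 up
    run ip route add "$4" dev gre1
}

# ipsec_conn LOCAL REMOTE MODE
# Prints an Openswan conn stanza limited to GRE between the two endpoints.
# MODE is "tunnel" when the endpoint also runs a firewall, else "transport".
# authby=secret assumes a matching PSK entry already exists in ipsec.secrets.
ipsec_conn() {
    case "$3" in
        tunnel|transport) ;;
        *) echo "mode must be tunnel or transport" >&2; return 1 ;;
    esac
    cat <<EOF
conn gre-a-b
    type=$3
    left=$1
    right=$2
    leftprotoport=gre
    rightprotoport=gre
    authby=secret
    auto=start
EOF
}

# Endpoint A of a constructed pair; with no arguments, show the dry-run plan.
if [ "$#" -eq 0 ]; then
    gre_setup 192.0.2.1 198.51.100.1 10.99.0.1/30 10.2.0.0/24
    ipsec_conn 192.0.2.1 198.51.100.1 transport
fi
```

On endpoint B the `gre_setup` arguments are mirrored (local and remote swapped, the other tunnel address, A's LAN as the routed network), while the same conn stanza can be used unchanged because Openswan works out which of left/right is the local side.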
