Re: [LARTC] Re: IPSec tunnel and routing

Linux Advanced Routing and Traffic Control

ip ro add 192.168.2.0/24 via 10.2.0.1 dev ethx src 192.168.1.1
the spd policies will then match and encrypt the traffic.

this is the same solution as you have to use for the freeswan
ipsec stack.

for me it works...

Alexander Kotelnikov (sacha@xxxxxxxxxxx) wrote:
>
> >>>>> On Mon, 05 Dec 2005 06:08:30 +0100
> >>>>> "AU" == Andreas Unterkircher <unki@xxxxxxxxxxxx> wrote:
> AU>
> AU> Alexander Kotelnikov wrote:
> >> Ok, I would not ask all this if I had no problem with
> >> tunnelling. With configuration like described above, where multihomed
> >> machines have ip-addresses (192.168.1.1, 10.1.0.1) and (192.168.2.1,
> >> 10.2.0.1) tunneling works for all machines, but these two
> >> routers. This happens because if we send a packet from 10.1.0.1 into
> >> 192.168.2/24 this packet does not come to ipsec, but is pushed to
> >> default gateway, if it exists. In other words, locally generated packets
> >> do not come through prerouting or something.
> >>
> AU> You have to add a route on 10.1.0.1 to make sure packets which belong to
> AU> 192.168.2.0/24 have
> AU> a src address of 192.168.1.1.
>
> Very funny, how do you imagine this could be done?
>
> --
> Alexander Kotelnikov
> Saint-Petersburg, Russia
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
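
The effect of the `src` hint discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how a locally generated packet gets its source address from the chosen route, and why that decides whether the SPD selector matches. The 192.168.1.0/24 to 192.168.2.0/24 policy selector, the route tables and all helper names are assumptions made for illustration.

```python
import ipaddress as ip

# Assumed tunnel selector (not stated in the thread): LAN-to-LAN policy.
SPD = [(ip.ip_network("192.168.1.0/24"), ip.ip_network("192.168.2.0/24"))]

def pick_route(routes, dst):
    """Longest-prefix match over (prefix, egress_addr, prefsrc) tuples."""
    dst = ip.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)

def local_source(routes, dst):
    """Source of a locally generated packet: the route's src hint if set,
    otherwise the address of the egress interface (simplified model)."""
    _, egress_addr, prefsrc = pick_route(routes, dst)
    return ip.ip_address(prefsrc or egress_addr)

def spd_match(src, dst):
    """True if (src, dst) falls inside any policy selector."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in s and dst in d for s, d in SPD)

def is_encrypted(routes, dst):
    """Would a packet originated on the router itself hit the policy?"""
    return spd_match(local_source(routes, dst), dst)

# Constructed tables for the router holding 192.168.1.1 and 10.1.0.1.
BEFORE = [
    (ip.ip_network("192.168.1.0/24"), "192.168.1.1", None),
    (ip.ip_network("0.0.0.0/0"), "10.1.0.1", None),  # default gateway
]
# Same tables plus the route from the reply, carrying src 192.168.1.1.
AFTER = BEFORE + [(ip.ip_network("192.168.2.0/24"), "10.1.0.1", "192.168.1.1")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        dst = "192.168.2.10"
        print(name, local_source(table, dst), is_encrypted(table, dst))
    # A forwarded LAN host already carries a matching source address.
    print("forwarded", spd_match("192.168.1.50", "192.168.2.10"))
```

On a live router, `ip route get 192.168.2.10` shows the source address the kernel will actually pick, which can be compared against the selectors listed by `ip xfrm policy`.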
