Thanks, I did that. Now, I no longer have to "clean" the routing table each
time I start ipsec.

On Thu, 28 Oct 2004, Matías López Bergero wrote:

> I had a problem like the one you mentioned using freeswan.
> It looks like the routes are generated by the OE (opportunistic encryption);
> you need to disable that in order to prevent those extra routes.
>
> Now I'm using openswan 1.0.4, a fork of freeswan, because the freeswan
> project is no longer in active development.
>
> Here is the freeswan announcement:
> http://www.freeswan.org/ending_letter.html
>
> BR,
> Matías.
>
> Tony Gogoi wrote:
> | Thanks to a mail from one of the list members, I looked at the routing
> | table and removed the extra "default" and removed other extraneous
> | entries too. The VPN gateway can now handle both VPN and non-vpn traffic.
> |
> | So, it was an issue with the routing table rather than the firewall
> | scripts.
> |
> | I'll now look at why ipsec causes those extra entries in the routing table.
> |
> | On Wed, 20 Oct 2004, Tony Gogoi wrote:
> |
> |>
> |>If there is some way of packet filtering on the basis of source and
> |>destination address to be able to control on which interface a packet may
> |>be sent out, that would be great.
> |>
> |>While starting IPSEC, route command shows 2 defaults! on interfaces eth0
> |>and ipsec0. Right now non-vpn traffic is being routed through ipsec0
> |>whenever IPSEC is "up". Is there a way to direct packets to a particular
> |>interface of my choosing? That way all packets whose protocol types are
> |>not VPN protocol types could be directed on that interface.
> |>
> |>On Wed, 20 Oct 2004, Tony Gogoi wrote:
> |>
> |>>Is there a way to distinguish between VPN and Non-VPN traffic in iptables
> |>>while the VPN tunnel is "up"?
> |>>
> |>>Any hints will be appreciated.
> |>>
> |>>Thanks,
> |>>Tony
> |>>
> |>
> |>Tony Gogoi
> |>
> |
> | Tony Gogoi
> | -
> | : send the line "unsubscribe linux-admin" in
> | the body of a message to majordomo@xxxxxxxxxxxxxxx
> | More majordomo info at http://vger.kernel.org/majordomo-info.html
> |

Tony Gogoi
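
The symptom discussed in this thread (a second "default" route appearing on ipsec0 once IPsec is up) can be checked for mechanically. The script below is an added example, not part of the original messages; it assumes the net-tools `route -n` column layout, and the function name `audit_routes` and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a `route -n` table (read from stdin) for the symptom
# described in the thread. Live use on the gateway:  route -n | audit_routes
# audit_routes is a hypothetical helper name, not a FreeS/WAN or Openswan tool.

audit_routes() {
    awk '
        # A default route row has Destination 0.0.0.0 and Genmask 0.0.0.0;
        # the interface name is the 8th column.
        NF == 8 && $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            n++
            all = (all == "") ? $8 : (all "," $8)
            if ($8 ~ /^ipsec[0-9]+$/)
                vpn = (vpn == "") ? $8 : (vpn "," $8)
        }
        END {
            if (n > 1)     print "MULTIPLE_DEFAULTS " all
            if (vpn != "") print "DEFAULT_VIA_IPSEC " vpn
            if (n <= 1 && vpn == "") print "OK"
        }'
}

# Constructed sample: IPsec up, extra default route on ipsec0.
sample_bad() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
EOF
}

# Constructed sample: only the tunnel's remote subnet is routed via ipsec0.
sample_good() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
198.51.100.0    192.0.2.1       255.255.255.0   UG    0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
EOF
}

sample_bad  | audit_routes
sample_good | audit_routes
```

Running the check after every `ipsec` start catches the condition before non-VPN traffic is sent into the tunnel interface.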