<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-8-i"></HEAD><BODY dir="rtl" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">
<BLOCKQUOTE dir=rtl style="MARGIN-LEFT: 0px">
<BLOCKQUOTE dir=rtl style="MARGIN-LEFT: 0px"><DIV align=left>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi all <?xml:namespace prefix =
o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have an openswan tunnel
between two 2.4.20 Linux stations - 172.16.20.20 and 192.168.20.20 with the
subnets 172.16.0.0/16 and 192.168.0.0/16 respectively. It seems to work
well.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The problem is that it doesn't
encrypt the traffic between the IPSEC stations (traffic from 172.16.20.20
to 192.168.20.20 and vice versa); this traffic is passed as clear
text.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I see that the ipsec_eroute marks
this as pass. How can I disable this state so that the host-to-host traffic
would also be encrypted?<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
lang=FR
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-ansi-language: FR">cat
/proc/net/ipsec_eroute </SPAN><SPAN lang=HE dir=rtl
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
dir=ltr></SPAN><SPAN dir=ltr></SPAN><SPAN lang=FR
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-ansi-language: FR"><SPAN
dir=ltr></SPAN><SPAN dir=ltr></SPAN>1<SPAN
style="mso-spacerun: yes">
</SPAN>0.0.0.0/0<SPAN
style="mso-spacerun: yes">
</SPAN>-> 0.0.0.0/0<SPAN
style="mso-spacerun: yes">
</SPAN>=> %trap</SPAN><SPAN lang=HE dir=rtl
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
dir=ltr></SPAN><SPAN dir=ltr></SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN dir=ltr></SPAN><SPAN
dir=ltr></SPAN>0<SPAN
style="mso-spacerun: yes">
</SPAN>172.16.0.0/16<SPAN
style="mso-spacerun: yes"> </SPAN>->
192.168.0.0/16<SPAN style="mso-spacerun: yes">
</SPAN>=> tun0x1002@192.168.20.20<SPAN lang=HE
dir=rtl><o:p></o:p></SPAN></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
dir=ltr></SPAN><SPAN dir=ltr></SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN dir=ltr></SPAN><SPAN
dir=ltr></SPAN>118<SPAN
style="mso-spacerun: yes">
</SPAN>172.16.20.20/32<SPAN style="mso-spacerun: yes">
</SPAN>-> 192.168.20.20/32<SPAN style="mso-spacerun: yes">
</SPAN>=> %pass<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks a
lot.<o:p></o:p></SPAN></P></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>